diff --git a/.github/workflows/swift-autobuilder.yml b/.github/workflows/swift-autobuilder.yml new file mode 100644 index 00000000000..c10af57ce03 --- /dev/null +++ b/.github/workflows/swift-autobuilder.yml @@ -0,0 +1,27 @@ +name: "Swift: Build and test Xcode autobuilder" + +on: + pull_request: + paths: + - "swift/xcode-autobuilder/**" + - "misc/bazel/**" + - "*.bazel*" + - .github/workflows/swift-autobuilder.yml + branches: + - main + +jobs: + autobuilder: + runs-on: macos-latest + steps: + - uses: actions/checkout@v3 + - uses: bazelbuild/setup-bazelisk@v2 + - uses: actions/setup-python@v4 + with: + python-version-file: 'swift/.python-version' + - name: Build the Xcode autobuilder + run: | + bazel build //swift/xcode-autobuilder + - name: Test the Xcode autobuilder + run: | + bazel test //swift/xcode-autobuilder/tests diff --git a/.github/workflows/swift-codegen.yml b/.github/workflows/swift-codegen.yml index 0ce0cc91c21..89e8fad7f7c 100644 --- a/.github/workflows/swift-codegen.yml +++ b/.github/workflows/swift-codegen.yml @@ -10,6 +10,9 @@ on: - .github/actions/fetch-codeql/action.yml branches: - main +defaults: + run: + working-directory: swift jobs: codegen: @@ -18,7 +21,9 @@ jobs: - uses: actions/checkout@v3 - uses: ./.github/actions/fetch-codeql - uses: bazelbuild/setup-bazelisk@v2 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 + with: + python-version-file: 'swift/.python-version' - uses: pre-commit/action@v3.0.0 name: Check that python code is properly formatted with: diff --git a/.github/workflows/swift-integration-tests.yml b/.github/workflows/swift-integration-tests.yml index b81969f3502..a043d1b2d34 100644 --- a/.github/workflows/swift-integration-tests.yml +++ b/.github/workflows/swift-integration-tests.yml @@ -28,7 +28,9 @@ jobs: - uses: actions/checkout@v3 - uses: ./.github/actions/fetch-codeql - uses: bazelbuild/setup-bazelisk@v2 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 + with: + python-version-file: 'swift/.python-version' - name: Build Swift extractor run: | bazel run //swift:create-extractor-pack diff --git a/.github/workflows/swift-qltest.yml b/.github/workflows/swift-qltest.yml index ab74e96cd57..d50e1748de0 100644 --- a/.github/workflows/swift-qltest.yml +++ b/.github/workflows/swift-qltest.yml @@ -33,6 +33,9 @@ jobs: - uses: actions/checkout@v3 - uses: ./.github/actions/fetch-codeql - uses: bazelbuild/setup-bazelisk@v2 + - uses: actions/setup-python@v4 + with: + python-version-file: 'swift/.python-version' - name: Build Swift extractor run: | bazel run //swift:create-extractor-pack diff --git a/CODEOWNERS b/CODEOWNERS index d5ec29f0b93..6065852559b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -20,9 +20,9 @@ /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go # CodeQL tools and associated docs -/docs/codeql-cli/ @github/codeql-cli-reviewers -/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers -/docs/ql-language-reference/ @github/codeql-frontend-reviewers +/docs/codeql/codeql-cli/ @github/codeql-cli-reviewers +/docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers +/docs/codeql/ql-language-reference/ @github/codeql-frontend-reviewers /docs/query-*-style-guide.md @github/codeql-analysis-reviewers # QL for QL reviewers diff --git a/config/identical-files.json b/config/identical-files.json index c168f540f1e..832fac7741c 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -70,7 +70,6 @@ "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll", "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll", - "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingImpl.qll", "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll" ], "DataFlow Java/C++/C#/Python Consistency checks": [ diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index d6b2d455dd2..69e08a9a5d2 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -137,7 +137,7 @@ private newtype TReturnKind = exists(IndirectReturnNode return, ReturnIndirectionInstruction returnInd | returnInd.hasIndex(argumentIndex) and return.getAddressOperand() = returnInd.getSourceAddressOperand() and - indirectionIndex = return.getIndirectionIndex() - 1 // We subtract one because the return loads the value. + indirectionIndex = return.getIndirectionIndex() ) } @@ -197,7 +197,7 @@ class ReturnIndirectionNode extends IndirectReturnNode, ReturnNode { exists(int argumentIndex, ReturnIndirectionInstruction returnInd | returnInd.hasIndex(argumentIndex) and this.getAddressOperand() = returnInd.getSourceAddressOperand() and - result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex() - 1) and + result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex()) and hasNonInitializeParameterDef(returnInd.getIRVariable()) ) or @@ -241,7 +241,7 @@ private Instruction getANonConversionUse(Operand operand) { /** * Gets the operand that represents the first use of the value of `call` following - * a sequnce of conversion-like instructions. + * a sequence of conversion-like instructions. */ predicate operandForfullyConvertedCall(Operand operand, CallInstruction call) { exists(getANonConversionUse(operand)) and @@ -254,7 +254,7 @@ predicate operandForfullyConvertedCall(Operand operand, CallInstruction call) { /** * Gets the instruction that represents the first use of the value of `call` following - * a sequnce of conversion-like instructions. + * a sequence of conversion-like instructions. * * This predicate only holds if there is no suitable operand (i.e., no operand of a non- * conversion instruction) to use to represent the value of `call` after conversions. @@ -365,7 +365,7 @@ predicate jumpStep(Node n1, Node n2) { predicate storeStep(Node node1, Content c, PostFieldUpdateNode node2) { exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store | nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and - node2.getIndirectionIndex() = 0 and + node2.getIndirectionIndex() = 1 and numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(), numberOfLoads) | @@ -465,20 +465,20 @@ predicate clearsContent(Node n, Content c) { predicate expectsContent(Node n, ContentSet c) { none() } /** Gets the type of `n` used for type pruning. */ -IRType getNodeType(Node n) { +DataFlowType getNodeType(Node n) { suppressUnusedNode(n) and - result instanceof IRVoidType // stub implementation + result instanceof VoidType // stub implementation } /** Gets a string representation of a type returned by `getNodeType`. */ -string ppReprType(IRType t) { none() } // stub implementation +string ppReprType(DataFlowType t) { none() } // stub implementation /** * Holds if `t1` and `t2` are compatible, that is, whether data can flow from * a node of type `t1` to a node of type `t2`. */ pragma[inline] -predicate compatibleTypes(IRType t1, IRType t2) { +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { any() // stub implementation } @@ -502,7 +502,7 @@ class DataFlowCallable = Cpp::Declaration; class DataFlowExpr = Expr; -class DataFlowType = IRType; +class DataFlowType = Type; /** A function call relevant for data flow. */ class DataFlowCall extends CallInstruction { diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 08d5f270e5a..dc462fecc94 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -38,13 +38,12 @@ private module Cached { TVariableNode(Variable var) or TPostFieldUpdateNode(FieldAddress operand, int indirectionIndex) { indirectionIndex = - [0 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType()) - - 1] + [1 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType())] } or TSsaPhiNode(Ssa::PhiNode phi) or TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) { Ssa::isModifiableByCall(operand) and - indirectionIndex = [0 .. Ssa::countIndirectionsForCppType(operand.getLanguageType()) - 1] + indirectionIndex = [1 .. Ssa::countIndirectionsForCppType(operand.getLanguageType())] } or TIndirectOperand(Operand op, int indirectionIndex) { Ssa::hasIndirectOperand(op, indirectionIndex) @@ -113,7 +112,7 @@ class Node extends TIRDataFlowNode { Declaration getFunction() { none() } // overridden in subclasses /** Gets the type of this node. */ - IRType getType() { none() } // overridden in subclasses + DataFlowType getType() { none() } // overridden in subclasses /** Gets the instruction corresponding to this node, if any. */ Instruction asInstruction() { result = this.(InstructionNode).getInstruction() } @@ -230,7 +229,13 @@ class Node extends TIRDataFlowNode { Expr asIndirectArgument() { result = this.asIndirectArgument(_) } /** Gets the positional parameter corresponding to this node, if any. */ - Parameter asParameter() { result = asParameter(0) } + Parameter asParameter() { result = this.asParameter(0) } + + /** + * Gets the uninitialized local variable corresponding to this node, if + * any. + */ + LocalVariable asUninitialized() { result = this.(UninitializedNode).getLocalVariable() } /** * Gets the positional parameter corresponding to the node that represents @@ -273,7 +278,7 @@ class Node extends TIRDataFlowNode { /** * Gets an upper bound on the type of this node. */ - IRType getTypeBound() { result = this.getType() } + DataFlowType getTypeBound() { result = this.getType() } /** Gets the location of this element. */ cached @@ -322,7 +327,7 @@ class InstructionNode extends Node, TInstructionNode { override Declaration getFunction() { result = instr.getEnclosingFunction() } - override IRType getType() { result = instr.getResultIRType() } + override DataFlowType getType() { result = instr.getResultType() } final override Location getLocationImpl() { result = instr.getLocation() } @@ -348,13 +353,32 @@ class OperandNode extends Node, TOperandNode { override Declaration getFunction() { result = op.getUse().getEnclosingFunction() } - override IRType getType() { result = op.getIRType() } + override DataFlowType getType() { result = op.getType() } final override Location getLocationImpl() { result = op.getLocation() } override string toStringImpl() { result = this.getOperand().toString() } } +/** + * Returns `t`, but stripped of the `n` outermost pointers, references, etc. + * + * For example, `stripPointers(int*&, 2)` is `int` and `stripPointers(int*, 0)` is `int*`. + */ +private Type stripPointers(Type t, int n) { + result = t and n = 0 + or + result = stripPointers(t.(PointerType).getBaseType(), n - 1) + or + result = stripPointers(t.(ArrayType).getBaseType(), n - 1) + or + result = stripPointers(t.(ReferenceType).getBaseType(), n - 1) + or + result = stripPointers(t.(PointerToMemberType).getBaseType(), n - 1) + or + result = stripPointers(t.(FunctionPointerIshType).getBaseType(), n - 1) +} + /** * INTERNAL: do not use. * @@ -370,8 +394,6 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = fieldAddress.getIRType() } - FieldAddress getFieldAddress() { result = fieldAddress } Field getUpdatedField() { result = fieldAddress.getField() } @@ -379,10 +401,8 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode { int getIndirectionIndex() { result = indirectionIndex } override Node getPreUpdateNode() { - // + 1 because we're storing into an lvalue, and the original node should be the rvalue of - // the same address. hasOperandAndIndex(result, pragma[only_bind_into](fieldAddress).getObjectAddressOperand(), - indirectionIndex + 1) + indirectionIndex) } override Expr getDefinedExpr() { @@ -411,7 +431,7 @@ class SsaPhiNode extends Node, TSsaPhiNode { override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } + override DataFlowType getType() { result = this.getAnInput().getType() } final override Location getLocationImpl() { result = phi.getBasicBlock().getLocation() } @@ -454,8 +474,6 @@ class SideEffectOperandNode extends Node, IndirectOperand { override Function getFunction() { result = call.getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - Expr getArgument() { result = call.getArgument(argumentIndex).getUnconvertedResultExpression() } } @@ -478,8 +496,6 @@ class IndirectParameterNode extends Node, IndirectInstruction { override Function getFunction() { result = this.getInstruction().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - override string toStringImpl() { result = this.getParameter().toString() + " indirection" or @@ -504,8 +520,6 @@ class IndirectReturnNode extends IndirectOperand { Operand getAddressOperand() { result = operand } override Declaration getEnclosingCallable() { result = this.getFunction() } - - override IRType getType() { result instanceof IRVoidType } } /** @@ -536,9 +550,7 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PostUpdate override Function getFunction() { result = this.getCallInstruction().getEnclosingFunction() } - override IRType getType() { result instanceof IRVoidType } - - override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex + 1) } + override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) } override string toStringImpl() { // This string should be unique enough to be helpful but common enough to @@ -594,6 +606,38 @@ class IndirectReturnOutNode extends Node { int getIndirectionIndex() { result = indirectionIndex } } +private PointerType getGLValueType(Type t, int indirectionIndex) { + result.getBaseType() = stripPointers(t, indirectionIndex - 1) +} + +bindingset[isGLValue] +private DataFlowType getTypeImpl(Type t, int indirectionIndex, boolean isGLValue) { + if isGLValue = true + then + result = getGLValueType(t, indirectionIndex) + or + // Ideally, the above case would cover all glvalue cases. However, consider the case where + // the database consists only of: + // ``` + // void test() { + // int* x; + // x = nullptr; + // } + // ``` + // and we want to compute the type of `*x` in the assignment `x = nullptr`. Here, `x` is an lvalue + // of type int* (which morally is an int**). So when we call `getTypeImpl` it will be with the + // parameters: + // - t = int* + // - indirectionIndex = 1 (when we want to model the dataflow node corresponding to *x) + // - isGLValue = true + // In this case, `getTypeImpl(t, indirectionIndex, isGLValue)` should give back `int**`. In this + // case, however, `int**` does not exist in the database. So instead we return int* (which is + // wrong, but at least we have a type). + not exists(getGLValueType(t, indirectionIndex)) and + result = stripPointers(t, indirectionIndex - 1) + else result = stripPointers(t, indirectionIndex) +} + /** * INTERNAL: Do not use. * @@ -615,7 +659,11 @@ class IndirectOperand extends Node, TIndirectOperand { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = this.getOperand().getIRType() } + override DataFlowType getType() { + exists(boolean isGLValue | if operand.isGLValue() then isGLValue = true else isGLValue = false | + result = getTypeImpl(operand.getType().getUnspecifiedType(), indirectionIndex, isGLValue) + ) + } final override Location getLocationImpl() { result = this.getOperand().getLocation() } @@ -624,6 +672,25 @@ class IndirectOperand extends Node, TIndirectOperand { } } +/** + * The value of an uninitialized local variable, viewed as a node in a data + * flow graph. + */ +class UninitializedNode extends Node { + LocalVariable v; + + UninitializedNode() { + exists(Ssa::Def def | + def.getDefiningInstruction() instanceof UninitializedInstruction and + Ssa::nodeToDefOrUse(this, def) and + v = def.getSourceVariable().getBaseVariable().(Ssa::BaseIRVariable).getIRVariable().getAst() + ) + } + + /** Gets the uninitialized local variable corresponding to this node. */ + LocalVariable getLocalVariable() { result = v } +} + /** * INTERNAL: Do not use. * @@ -645,7 +712,11 @@ class IndirectInstruction extends Node, TIndirectInstruction { override Declaration getEnclosingCallable() { result = this.getFunction() } - override IRType getType() { result = this.getInstruction().getResultIRType() } + override DataFlowType getType() { + exists(boolean isGLValue | if instr.isGLValue() then isGLValue = true else isGLValue = false | + result = getTypeImpl(instr.getResultType().getUnspecifiedType(), indirectionIndex, isGLValue) + ) + } final override Location getLocationImpl() { result = this.getInstruction().getLocation() } @@ -675,7 +746,7 @@ predicate exprNodeShouldBeOperand(Node node, Expr e) { /** * Holds if `load` is a `LoadInstruction` that is the result of evaluating `e` - * and `node` is an `IndirctOperandNode` that should map `node.asExpr()` to `e`. + * and `node` is an `IndirectOperandNode` that should map `node.asExpr()` to `e`. * * We map `e` to `node.asExpr()` when `node` semantically represents the * same value as `load`. A subsequent flow step will flow `node` to @@ -859,6 +930,8 @@ abstract class PostUpdateNode extends Node { * Gets the node before the state update. */ abstract Node getPreUpdateNode(); + + final override DataFlowType getType() { result = this.getPreUpdateNode().getType() } } /** @@ -922,7 +995,7 @@ class VariableNode extends Node, TVariableNode { result = v } - override IRType getType() { result.getCanonicalLanguageType().hasUnspecifiedType(v.getType(), _) } + override DataFlowType getType() { result = v.getType() } final override Location getLocationImpl() { result = v.getLocation() } @@ -1075,7 +1148,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { store.getDestinationAddressOperand() = address ) or - Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex - 1) + Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex) ) } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll index c302c6ef878..27edf7ce02c 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll @@ -41,7 +41,7 @@ Node callOutput(CallInstruction call, FunctionOutput output) { // The side effect of a call on the value pointed to by an argument or qualifier exists(int index, int indirectionIndex | result.(IndirectArgumentOutNode).getArgumentIndex() = index and - result.(IndirectArgumentOutNode).getIndirectionIndex() + 1 = indirectionIndex and + result.(IndirectArgumentOutNode).getIndirectionIndex() = indirectionIndex and result.(IndirectArgumentOutNode).getCallInstruction() = call and output.isParameterDerefOrQualifierObject(index, indirectionIndex) ) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index 7359656e5a4..a14b2b00651 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -100,7 +100,7 @@ private string getNodeProperty(DataFlow::Node node, string key) { or // Is there partial flow from a source to this node? // This property will only be emitted if partial flow is enabled by overriding - // `DataFlow::Configration::explorationLimit()`. + // `DataFlow::Configuration::explorationLimit()`. key = "pflow" and result = strictconcat(DataFlow::PartialPathNode sourceNode, DataFlow::PartialPathNode destNode, int dist, diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll index 36ab036c4e5..2e0a20fcfdc 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll @@ -11,7 +11,9 @@ private import DataFlowUtil * corresponding `(Indirect)OperandNode`. */ predicate ignoreOperand(Operand operand) { - operand = any(Instruction instr | ignoreInstruction(instr)).getAnOperand() + operand = any(Instruction instr | ignoreInstruction(instr)).getAnOperand() or + operand = any(Instruction instr | ignoreInstruction(instr)).getAUse() or + operand instanceof MemoryOperand } /** diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll index 3a89f1d170f..06c4a7f751c 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll @@ -36,7 +36,7 @@ private module SourceVariables { override string toString() { result = var.toString() } - override DataFlowType getType() { result = var.getIRType() } + override DataFlowType getType() { result = var.getType() } } class BaseCallVariable extends BaseSourceVariable, TBaseCallVariable { @@ -48,7 +48,7 @@ private module SourceVariables { override string toString() { result = call.toString() } - override DataFlowType getType() { result = call.getResultIRType() } + override DataFlowType getType() { result = call.getResultType() } } private newtype TSourceVariable = diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll index 10944b55fbc..27c3083fecc 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll @@ -71,7 +71,7 @@ abstract class CustomSignDef extends SignDef { * Concrete implementations extend one of the following subclasses: * - `ConstantSignExpr`, for expressions with a compile-time constant value. * - `FlowSignExpr`, for expressions whose sign can be computed from the signs of their operands. - * - `CustomsignExpr`, for expressions shose sign can be computed by a language-specific + * - `CustomsignExpr`, for expressions whose sign can be computed by a language-specific * implementation. * * If the same expression matches more than one of the above subclasses, the sign is computed as diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll index e44281af85b..0f482790d4d 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisSpecific.qll @@ -11,7 +11,7 @@ private import experimental.semmle.code.cpp.semantic.Semantic predicate ignoreTypeRestrictions(SemExpr e) { none() } /** - * Workaround to track the sign of cetain expressions even if the type of the expression is not + * Workaround to track the sign of certain expressions even if the type of the expression is not * numeric. */ predicate trackUnknownNonNumericExpr(SemExpr e) { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/Linkage.qll b/cpp/ql/lib/semmle/code/cpp/Linkage.qll index 766ddd188c1..e604ce06dee 100644 --- a/cpp/ql/lib/semmle/code/cpp/Linkage.qll +++ b/cpp/ql/lib/semmle/code/cpp/Linkage.qll @@ -1,5 +1,5 @@ /** - * Proivdes the `LinkTarget` class representing linker invocations during the build process. + * Provides the `LinkTarget` class representing linker invocations during the build process. */ import semmle.code.cpp.Class diff --git a/cpp/ql/lib/semmle/code/cpp/Variable.qll b/cpp/ql/lib/semmle/code/cpp/Variable.qll index b0e0647d24b..c82f3689c85 100644 --- a/cpp/ql/lib/semmle/code/cpp/Variable.qll +++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll @@ -144,7 +144,7 @@ class Variable extends Declaration, @variable { * `Variable.getInitializer()` to get the variable's initializer, * or use `Variable.getAnAssignedValue()` to get an expression that * is the right-hand side of an assignment or an initialization of - * the varible. + * the variable. */ Assignment getAnAssignment() { result.getLValue() = this.getAnAccess() } @@ -173,7 +173,7 @@ class Variable extends Declaration, @variable { } /** - * Holds if this variable is declated as part of a structured binding + * Holds if this variable is declared as part of a structured binding * declaration. For example, `x` in `auto [x, y] = ...`. */ predicate isStructuredBinding() { is_structured_binding(underlyingElement(this)) } diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll index b093a73e429..32872eea915 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll @@ -76,7 +76,7 @@ class TypeBoundsAnalysis extends BufferWriteEstimationReason, TTypeBoundsAnalysi /** * The estimation comes from non trivial bounds found via actual flow analysis, - * but a widening aproximation might have been used for variables in loops. + * but a widening approximation might have been used for variables in loops. * For example * ``` * for (int i = 0; i < 10; ++i) { @@ -141,7 +141,7 @@ class AttributeFormattingFunction extends FormattingFunction { * - `""` is a `vprintf` variant, `outputParamIndex` is `-1`. * - `"f"` is a `vfprintf` variant, `outputParamIndex` indicates the output stream parameter. * - `"s"` is a `vsprintf` variant, `outputParamIndex` indicates the output buffer parameter. - * - `"?"` if the type cannot be deteremined. `outputParamIndex` is `-1`. + * - `"?"` if the type cannot be determined. `outputParamIndex` is `-1`. */ predicate primitiveVariadicFormatter( TopLevelFunction f, string type, int formatParamIndex, int outputParamIndex @@ -198,7 +198,7 @@ private predicate callsVariadicFormatter( * - `""` is a `vprintf` variant, `outputParamIndex` is `-1`. * - `"f"` is a `vfprintf` variant, `outputParamIndex` indicates the output stream parameter. * - `"s"` is a `vsprintf` variant, `outputParamIndex` indicates the output buffer parameter. - * - `"?"` if the type cannot be deteremined. `outputParamIndex` is `-1`. + * - `"?"` if the type cannot be determined. `outputParamIndex` is `-1`. */ predicate variadicFormatter(Function f, string type, int formatParamIndex, int outputParamIndex) { primitiveVariadicFormatter(f, type, formatParamIndex, outputParamIndex) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll index ebea83e47e5..53f7c71a7d3 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll @@ -12,7 +12,7 @@ private import internal.ConstantExprs * relation). The refinement manifests itself in two changes: * * - The successor relation on `BasicBlock`s uses `successors_adapted` - * (instead of `successors_extended` used by `PrimtiveBasicBlock`s). Consequently, + * (instead of `successors_extended` used by `PrimitiveBasicBlock`s). Consequently, * some edges between `BasicBlock`s may be removed. Example: * ``` * x = 1; // s1 diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll index 373ab8b79e2..3af5f2dbf0c 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll @@ -149,7 +149,7 @@ private predicate bbLoopEntryConditionAlwaysTrueAt(BasicBlock bb, int i, Control /** * Basic block `pred` contains all or part of the condition belonging to a loop, * and there is an edge from `pred` to `succ` that concludes the condition. - * If the edge corrseponds with the loop condition being found to be `true`, then + * If the edge corresponds with the loop condition being found to be `true`, then * `skipsLoop` is `false`. Otherwise the edge corresponds with the loop condition * being found to be `false` and `skipsLoop` is `true`. Non-concluding edges * within a complex loop condition are not matched by this predicate. diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll b/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll index f5ead5b6f5f..fa6589f7e27 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll @@ -1137,7 +1137,7 @@ class BuiltInOperationIsArray extends BuiltInOperation, @isarray { * A C++ `__array_rank` built-in operation (used by some implementations of the * `` header). * - * If known, returns the number of dimentsions of an arrary type. + * If known, returns the number of dimensions of an arrary type. * ``` * template * struct rank diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll index dba3d16997f..332cda770bb 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll @@ -494,7 +494,7 @@ class VacuousDestructorCall extends Expr, @vacuous_destructor_call { * An initialization of a base class or member variable performed as part * of a constructor's explicit initializer list or implicit actions. * - * This is a QL root class for reprenting various types of constructor + * This is a QL root class for representing various types of constructor * initializations. */ class ConstructorInit extends Expr, @ctorinit { diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll index 3cb8946c198..e3ce623d217 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll @@ -779,7 +779,7 @@ class AlignofExprOperator extends AlignofOperator { /** * A C++11 `alignof` expression whose operand is a type name. * ``` - * bool proper_alignment = (alingof(T) == alignof(T[0]); + * bool proper_alignment = (alignof(T) == alignof(T[0]); * ``` */ class AlignofTypeOperator extends AlignofOperator { diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll index 68973293425..9261cc4a13f 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll @@ -451,7 +451,7 @@ class Expr extends StmtParent, @expr { // For performance, we avoid a full transitive closure over `getConversion`. // Since there can be several implicit conversions before and after an // explicit conversion, use `getImplicitlyConverted` to step over them - // cheaply. Then, if there is an explicit conversion following the implict + // cheaply. Then, if there is an explicit conversion following the implicit // conversion sequence, recurse to handle multiple explicit conversions. if this.getImplicitlyConverted().hasExplicitConversion() then result = this.getImplicitlyConverted().getConversion().getExplicitlyConverted() diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index 7359656e5a4..a14b2b00651 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -100,7 +100,7 @@ private string getNodeProperty(DataFlow::Node node, string key) { or // Is there partial flow from a source to this node? // This property will only be emitted if partial flow is enabled by overriding - // `DataFlow::Configration::explorationLimit()`. + // `DataFlow::Configuration::explorationLimit()`. key = "pflow" and result = strictconcat(DataFlow::PartialPathNode sourceNode, DataFlow::PartialPathNode destNode, int dist, diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll index bc69754fe32..607b88fa58d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TOperand.qll @@ -172,7 +172,7 @@ deprecated module UnaliasedSSAOperands = UnaliasedSsaOperands; /** * Provides wrappers for the constructors of each branch of `TOperand` that is used by the - * asliased SSA stage. + * aliased SSA stage. * These wrappers are not parameterized because it is not possible to invoke an IPA constructor via * a class alias. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll index f8960cd205d..7d015654056 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll @@ -542,7 +542,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect, * The IR translation of an argument side effect for `*this` on a call, where there is no `Expr` * object that represents the `this` argument. * - * The applies only to constructor calls, as the AST has explioit qualifier `Expr`s for all other + * The applies only to constructor calls, as the AST has exploit qualifier `Expr`s for all other * calls to non-static member functions. */ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect, diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll index 56da47325ee..df5a974c45b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll @@ -2177,7 +2177,7 @@ abstract class TranslatedConditionalExpr extends TranslatedNonConstantExpr { /** * The IR translation of the ternary conditional operator (`a ? b : c`). * For this version, we expand the condition as a `TranslatedCondition`, rather than a - * `TranslatedExpr`, to simplify the control flow in the presence of short-ciruit logical operators. + * `TranslatedExpr`, to simplify the control flow in the presence of short-circuit logical operators. */ class TranslatedTernaryConditionalExpr extends TranslatedConditionalExpr, ConditionContext { TranslatedTernaryConditionalExpr() { not expr.isTwoOperand() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll index 1415cdc9c5b..bfd850384ac 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll @@ -12,7 +12,7 @@ private Type getDecayedType(Type type) { } /** - * Holds if the sepcified variable is a structured binding with a non-reference + * Holds if the specified variable is a structured binding with a non-reference * type. */ predicate isNonReferenceStructuredBinding(Variable v) { diff --git a/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll b/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll index b3838ce4a5a..d9d7d286938 100644 --- a/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll +++ b/cpp/ql/lib/semmle/code/cpp/metrics/MetricFile.qll @@ -209,7 +209,7 @@ private predicate aClassFile(Class c, File file) { c.getDefinitionLocation().get pragma[noopt] private predicate dependsOnFileSimple(MetricFile source, MetricFile dest) { - // class derives from classs + // class derives from another class exists(Class fromClass, Class toClass | aClassFile(fromClass, source) and fromClass.derivesFrom(toClass) and diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll index 410a39716dc..4717e79d9d3 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/RangeAnalysisUtils.qll @@ -173,7 +173,7 @@ predicate eqOpWithSwapAndNegate(EqualityOperation cmp, Expr a, Expr b, boolean i /** * Holds if `cmp` is an unconverted conversion of `a` to a Boolean that - * evalutes to `isEQ` iff `a` is 0. + * evaluates to `isEQ` iff `a` is 0. * * Note that `a` can be `cmp` itself or a conversion thereof. */ diff --git a/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll b/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll index 00be9a3deb5..054b2087e53 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/Encryption.qll @@ -51,14 +51,14 @@ string getInsecureAlgorithmRegex() { /** * Holds if `name` looks like it might be related to operations with an - * insecure encyption algorithm. + * insecure encryption algorithm. */ bindingset[name] predicate isInsecureEncryption(string name) { name.regexpMatch(getInsecureAlgorithmRegex()) } /** * Holds if there is additional evidence that `name` looks like it might be - * related to operations with an encyption algorithm, besides the name of a + * related to operations with an encryption algorithm, besides the name of a * specific algorithm. This can be used in conjunction with * `isInsecureEncryption` to produce a stronger heuristic. */ diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll index 01230e6880c..532cf53e2d4 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll @@ -1,7 +1,7 @@ /** * DEPRECATED: we now use `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`, * which is based on the IR but designed to behave similarly to this old - * libarary. + * library. * * Provides the implementation of `semmle.code.cpp.security.TaintTracking`. Do * not import this file directly. diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll index 0073154dd3c..d3c212fb8a7 100644 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll +++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll @@ -104,7 +104,7 @@ private newtype HC_Alloc = HC_HasAlloc(HashCons hc) { mk_HasAlloc(hc, _) } /** - * Used to implement optional extent expression on `new[]` exprtessions + * Used to implement optional extent expression on `new[]` expressions */ private newtype HC_Extent = HC_NoExtent() or @@ -116,7 +116,7 @@ private newtype HC_Args = HC_ArgCons(HashCons hc, int i, HC_Args list) { mk_ArgCons(hc, i, list, _) } /** - * Used to implement hash-consing of struct initizializers. + * Used to implement hash-consing of struct initializers. */ private newtype HC_Fields = HC_EmptyFields(Class c) { exists(ClassAggregateLiteral cal | c = cal.getUnspecifiedType()) } or diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp new file mode 100644 index 00000000000..77246363fba --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.cpp @@ -0,0 +1,32 @@ +/* + * In this example, the developer intended to use a semicolon but accidentally used a comma: + */ + +enum privileges entitlements = NONE; + +if (is_admin) + entitlements = FULL, // BAD + +restrict_privileges(entitlements); + +/* + * The use of a comma means that the first example is equivalent to this second example: + */ + +enum privileges entitlements = NONE; + +if (is_admin) { + entitlements = FULL; + restrict_privileges(entitlements); +} + +/* + * The indentation of the first example suggests that the developer probably intended the following code: + */ + +enum privileges entitlements = NONE; + +if (is_admin) + entitlements = FULL; // GOOD + +restrict_privileges(entitlements); diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp new file mode 100644 index 00000000000..d0aa29ca700 --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelp @@ -0,0 +1,39 @@ + + + + +

+If the expression after the comma operator starts at an earlier column than the expression before the comma, then +this suspicious indentation possibly indicates a logic error, caused by a typo that may escape visual inspection. +

+ +This query has medium precision because CodeQL currently does not distinguish between tabs and spaces in whitespace. +If a file contains mixed tabs and spaces, alerts may highlight code that is correctly indented for one value of tab size but not for other tab sizes. + + + + +

+To ensure that your code is easy to read and review, use standard indentation around the comma operator. Always begin the right-hand-side operand at the same level of +indentation (column number) as the left-hand-side operand. This makes it easier for other developers to see the intended behavior of your code. +

+

+Use whitespace consistently to communicate your coding intentions. Where possible, avoid mixing tabs and spaces within a file. If you need to mix them, use them consistently. +

+ + + +

+This example shows three different ways of writing the same code. The first example contains a comma instead of a semicolon which means that the final line is part of the if statement, even though the indentation suggests that it is intended to be separate. The second example looks different but is functionally the same as the first example. It is more likely that the developer intended to write the third example. +

+ + + + +
  • Wikipedia: Comma operator
    • +
  • Wikipedia: Indentation style — Tabs, spaces, and size of indentations
    • +     + +     diff --git a/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql new file mode 100644 index 00000000000..b23234d4627 --- /dev/null +++ b/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql @@ -0,0 +1,53 @@ +/** + * @name Comma before misleading indentation + * @description If expressions before and after a comma operator use different indentation, it is easy to misread the purpose of the code. + * @kind problem + * @id cpp/comma-before-misleading-indentation + * @problem.severity warning + * @security-severity 7.8 + * @precision medium + * @tags maintainability + * readability + * security + * external/cwe/cwe-1078 + * external/cwe/cwe-670 + */ + +import cpp +import semmle.code.cpp.commons.Exclusions + +/** Gets the sub-expression of 'e' with the earliest-starting Location */ +Expr normalizeExpr(Expr e) { + result = + min(Expr child | + child.getParentWithConversions*() = e.getFullyConverted() and + not child.getParentWithConversions*() = any(Call c).getAnArgument() + | + child order by child.getLocation().getStartColumn(), count(child.getParentWithConversions*()) + ) +} + +predicate isParenthesized(CommaExpr ce) { + ce.getParent*().(Expr).isParenthesised() + or + ce.isUnevaluated() // sizeof(), decltype(), alignof(), noexcept(), typeid() + or + ce.getParent*() = [any(IfStmt i).getCondition(), any(SwitchStmt s).getExpr()] + or + ce.getParent*() = [any(Loop l).getCondition(), any(ForStmt f).getUpdate()] + or + ce.getEnclosingStmt() = any(ForStmt f).getInitialization() +} + +from CommaExpr ce, Expr left, Expr right, Location leftLoc, Location rightLoc +where + ce.fromSource() and + not isFromMacroDefinition(ce) and + left = normalizeExpr(ce.getLeftOperand()) and + right = normalizeExpr(ce.getRightOperand()) and + leftLoc = left.getLocation() and + rightLoc = right.getLocation() and + not isParenthesized(ce) and + leftLoc.getEndLine() < rightLoc.getStartLine() and + leftLoc.getStartColumn() > rightLoc.getStartColumn() +select right, "The indentation level may be misleading for some tab sizes." diff --git a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql index 418250d15ac..514cfac9a81 100644 --- a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql +++ b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql @@ -13,16 +13,32 @@ import cpp +pragma[noinline] +predicate possiblyIncompleteFile(File f) { + exists(Diagnostic d | d.getFile() = f and d.getSeverity() >= 3) +} + predicate immediatelyReachableFunction(Function f) { - not f.isStatic() or - exists(BlockExpr be | be.getFunction() = f) or - f instanceof MemberFunction or - f instanceof TemplateFunction or - f.getFile() instanceof HeaderFile or - f.getAnAttribute().hasName("constructor") or - f.getAnAttribute().hasName("destructor") or - f.getAnAttribute().hasName("used") or + not f.isStatic() + or + exists(BlockExpr be | be.getFunction() = f) + or + f instanceof MemberFunction + or + f instanceof TemplateFunction + or + f.getFile() instanceof HeaderFile + or + f.getAnAttribute().hasName("constructor") + or + f.getAnAttribute().hasName("destructor") + or + f.getAnAttribute().hasName("used") + or f.getAnAttribute().hasName("unused") + or + // a compiler error in the same file suggests we may be missing data + possiblyIncompleteFile(f.getFile()) } predicate immediatelyReachableVariable(Variable v) { diff --git a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp index 6e0c263e4fa..b8838c26c52 100644 --- a/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp +++ b/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.qhelp @@ -11,7 +11,7 @@ caused by an unhandled case.

    -

    Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinuely not needed, +

    Check that the unused static variable does not indicate a defect, for example, an unhandled case. If the static variable is genuinely not needed, then removing it will make code more readable. If the static variable is needed then you should update the code to fix the defect.

     diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 8da02215877..14b2976282b 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -125,7 +125,7 @@ * The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. * The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. -* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. +* A new `cpp/very-likely-overrunning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overrunning-write`. ### Minor Analysis Improvements diff --git a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp index 2016e05d936..41473d68371 100644 --- a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp +++ b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp @@ -19,7 +19,7 @@ This can occur when an operation performed on the open descriptor fails, and the

    In the example below, the sockfd socket may remain open if an error is triggered. -The code should be updated to ensure that the socket is always closed when when the function ends. +The code should be updated to ensure that the socket is always closed when the function ends.

    diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql index b004aa835b9..d2afdad1306 100644 --- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql +++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql @@ -63,7 +63,7 @@ predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode node.(AnalysedExpr).getNonNullSuccessor(newV) = verified and // note: this case uses naive flow logic (getAnAssignedValue). // special case: if the result of the 'realloc' is assigned to the - // same variable, we don't descriminate properly between the old + // same variable, we don't discriminate properly between the old // and the new allocation; better to not consider this a free at // all in that case. newV != v diff --git a/cpp/ql/src/Documentation/DocumentApi.qhelp b/cpp/ql/src/Documentation/DocumentApi.qhelp index 9bc19d35056..4154e5cebc4 100644 --- a/cpp/ql/src/Documentation/DocumentApi.qhelp +++ b/cpp/ql/src/Documentation/DocumentApi.qhelp @@ -15,7 +15,7 @@ As an exception, because their purpose is usually obvious, it is not necessary t

    -Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expections of the calling functions. +Add comments to document the purpose of the function. In particular, ensure that the public API of the function is carefully documented. This reduces the chance that a future change to the function will introduce a defect by changing the API and breaking the expectations of the calling functions.

    diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp b/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp index aef03996053..5cae8407887 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp +++ b/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.qhelp @@ -6,7 +6,7 @@

    -This rule finds comparison expressions that use 2 or more comparison operators and are not completely paranthesized. +This rule finds comparison expressions that use 2 or more comparison operators and are not completely parenthesized. It is best to fully parenthesize complex comparison expressions to explicitly define the order of the comparison operators.

    diff --git a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql index 293595d60d8..5b16fc7cf8f 100644 --- a/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql +++ b/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql @@ -23,7 +23,7 @@ DoStmt getAFalseLoop() { /** * Gets a `do` ... `while` loop surrounding a statement. This is blocked by a * `switch` statement, since a `continue` inside a `switch` inside a loop may be - * jusitifed (`continue` breaks out of the loop whereas `break` only escapes the + * justified (`continue` breaks out of the loop whereas `break` only escapes the * `switch`). */ DoStmt enclosingLoop(Stmt s) { diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp index 37b78dd368c..bac09fe9cf1 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp +++ b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.qhelp @@ -6,9 +6,9 @@

    This rule finds logical-not operator usage as an operator for in a bit-wise operation.

    -

    Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise opeartions. Violations are often indicative of a typo, using a logical-not (!) opeartor instead of the bit-wise not (~) operator.

    +

    Due to the nature of logical operation result value, only the lowest bit could possibly be set, and it is unlikely to be intent in bitwise operations. Violations are often indicative of a typo, using a logical-not (!) operator instead of the bit-wise not (~) operator.

    This rule is restricted to analyze bit-wise and (&) and bit-wise or (|) operation in order to provide better precision.

    -

    This rule ignores instances where a double negation (!!) is explicitly used as the opeartor of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.

    +

    This rule ignores instances where a double negation (!!) is explicitly used as the operator of the bitwise operation, as this is a commonly used as a mechanism to normalize an integer value to either 1 or 0.

    NOTE: It is not recommended to use this rule in kernel code or older C code as it will likely find several false positive instances.

     diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql index 9c0230d7514..8f7b9a4554f 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql +++ b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql @@ -17,7 +17,7 @@ import cpp /** * It's common in some projects to use "a double negation" to normalize the boolean * result to either 1 or 0. - * This predciate is intended to filter explicit usage of a double negation as it typically + * This predicate is intended to filter explicit usage of a double negation as it typically * indicates the explicit purpose to normalize the result for bit-wise or arithmetic purposes. */ predicate doubleNegationNormalization(NotExpr notexpr) { notexpr.getAnOperand() instanceof NotExpr } diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql index f563e5b5f9e..5d03ccc44ea 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql @@ -3,7 +3,7 @@ * @name Untrusted network-to-host usage * @description Using the result of a network-to-host byte order function, such as ntohl, as an * array bound or length value without checking it may result in buffer overflows or - * other vulnerabilties. + * other vulnerabilities. * @kind problem * @problem.severity error */ diff --git a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp index 5cc0ae21af9..fe25fae8f4a 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp +++ b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp @@ -49,7 +49,7 @@ pointer overflow.

    While it's not the subject of this query, the expression ptr + i < -ptr_end is also an invalid range check. It's undefined behavor in +ptr_end is also an invalid range check. It's undefined behavior in C/C++ to create a pointer that points more than one past the end of an allocation.

    diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql index ed1d4084993..26c8ae4c258 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql @@ -44,7 +44,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { // Holds if `sink` is a node that represents the `StoreInstruction` that is subsequently used in // a `ReturnValueInstruction`. // We use the `StoreInstruction` instead of the instruction that defines the - // `ReturnValueInstruction`'s source value oprand because the former has better location information. + // `ReturnValueInstruction`'s source value operand because the former has better location information. exists(StoreInstruction store | store.getDestinationAddress().(VariableAddressInstruction).getIRVariable() instanceof IRReturnVariable and diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp index 13c1e6d2710..3ffc326585f 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.qhelp @@ -12,7 +12,7 @@ the third argument to the entire size of the destination buffer. Executing a call of this type may cause a buffer overflow unless the buffer is known to be empty.

    Similarly, calls of the form strncat(dest, src, sizeof (dest) - strlen (dest)) allow one -byte to be written ouside the dest buffer.

    +byte to be written outside the dest buffer.

    Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.

    diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql index 644c48622a2..0d46332a40a 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql @@ -24,7 +24,7 @@ import semmle.code.cpp.valuenumbering.GlobalValueNumbering * Holds if `call` is a call to `strncat` such that `sizeArg` and `destArg` are the size and * destination arguments, respectively. */ -predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) { +predicate interestingCallWithArgs(Call call, Expr sizeArg, Expr destArg) { exists(StrcatFunction strcat | strcat = call.getTarget() and sizeArg = call.getArgument(strcat.getParamSize()) and @@ -37,7 +37,7 @@ predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) { * argument `destArg`, and `destArg` is the size of the buffer pointed to by `destArg`. */ predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { - interestringCallWithArgs(fc, sizeArg, destArg) and + interestingCallWithArgs(fc, sizeArg, destArg) and exists(VariableAccess va | va = sizeArg.(BufferSizeExpr).getArg() and destArg.getTarget() = va.getTarget() @@ -49,7 +49,7 @@ predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { * argument `destArg`, and `sizeArg` computes the value `sizeof (dest) - strlen (dest)`. */ predicate case2(FunctionCall fc, Expr sizeArg, VariableAccess destArg) { - interestringCallWithArgs(fc, sizeArg, destArg) and + interestingCallWithArgs(fc, sizeArg, destArg) and exists(SubExpr sub, int n | // The destination buffer is an array of size n destArg.getUnspecifiedType().(ArrayType).getSize() = n and diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c index a4c943f556c..c386a171e6b 100644 --- a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c +++ b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.c @@ -1,4 +1,4 @@ -/* '#include ' was forgotton */ +/* '#include ' was forgotten */ int main(void) { /* 'int malloc()' assumed */ diff --git a/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp b/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp index f283056d2a8..1af359e5c50 100644 --- a/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp +++ b/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.qhelp @@ -6,7 +6,7 @@

    This metric provides an indication of the lack of cohesion of a class, using a method proposed by Chidamber and Kemerer in 1994. The idea -behind measuring a class's cohesion is that most funcions in well-designed +behind measuring a class's cohesion is that most functions in well-designed classes will access the same fields. Types that exhibit a lack of cohesion are often trying to take on multiple responsibilities, and should be split into several smaller classes. diff --git a/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp b/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp index 44bdc327634..13eef3113da 100644 --- a/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp +++ b/cpp/ql/src/Metrics/Namespaces/StableNamespaces.qhelp @@ -11,7 +11,7 @@ by changes to other packages. If this metric value is high, a package is easily influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability is estimated as the number of outgoing dependencies relative to the total - number of depencies.

    + number of dependencies.

     diff --git a/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp b/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp index bac1609760b..2f6620f95aa 100644 --- a/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp +++ b/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.qhelp @@ -11,7 +11,7 @@ by changes to other packages. If this metric value is high, a package is easily influenced. If the values is low, the impact of changes to other packages is likely to be minimal. Instability is estimated as the number of outgoing dependencies relative to the total - number of depencies.

    + number of dependencies.

    diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql index 438e87a501a..00c8636369b 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql @@ -26,7 +26,7 @@ where dest = bw.getDest() and destSize = getBufferSize(dest, _) and estimated = bw.getMaxDataLimited(reason) and - // we exclude ValueFlowAnalysis as it is reported in cpp/very-likely-overruning-write + // we exclude ValueFlowAnalysis as it is reported in cpp/very-likely-overrunning-write not reason instanceof ValueFlowAnalysis and // we can deduce that too much data may be copied (even without // long '%f' conversions) diff --git a/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll b/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll index b6b0d608d2a..ff5c347e5e2 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll +++ b/cpp/ql/src/Security/CWE/CWE-190/Bounded.qll @@ -31,7 +31,7 @@ predicate bounded(Expr e) { ) and not convertedExprMightOverflow(e) or - // Optimitically assume that a remainder expression always yields a much smaller value. + // Optimistically assume that a remainder expression always yields a much smaller value. e = any(RemExpr rem).getLeftOperand() or e = any(AssignRemExpr rem).getLValue() @@ -44,7 +44,7 @@ predicate bounded(Expr e) { boundedBitwiseAnd(e, andExpr, andExpr.getAnOperand(), andExpr.getAnOperand()) ) or - // Optimitically assume that a division always yields a much smaller value. + // Optimistically assume that a division always yields a much smaller value. e = any(DivExpr div).getLeftOperand() or e = any(AssignDivExpr div).getLValue() diff --git a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp index 519d21fd8c1..11d824c2d41 100644 --- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.qhelp @@ -5,7 +5,7 @@

    This query indicates that a call is setting the DACL field in a SECURITY_DESCRIPTOR to null.

    -

    When using SetSecurityDescriptorDacl to set a discretionary access control (DACL), setting the bDaclPresent argument to TRUE indicates the prescence of a DACL in the security description in the argument pDacl.

    +

    When using SetSecurityDescriptorDacl to set a discretionary access control (DACL), setting the bDaclPresent argument to TRUE indicates the presence of a DACL in the security description in the argument pDacl.

    When the pDacl parameter does not point to a DACL (i.e. it is NULL) and the bDaclPresent flag is TRUE, a NULL DACL is specified.

    A NULL DACL grants full access to any user who requests it; normal security checking is not performed with respect to the object.

     diff --git a/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md b/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md new file mode 100644 index 00000000000..80bd25b7179 --- /dev/null +++ b/cpp/ql/src/change-notes/2022-09-21-unused-static-function.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed false positives from the "Unused static function" (`cpp/unused-static-function`) query in files that had errors during compilation. diff --git a/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md b/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md new file mode 100644 index 00000000000..dad3b0b3377 --- /dev/null +++ b/cpp/ql/src/change-notes/2022-09-30-comma-before-missing-indentation.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new medium-precision query, `cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues. diff --git a/cpp/ql/src/change-notes/released/0.0.8.md b/cpp/ql/src/change-notes/released/0.0.8.md index 268d87d92a7..c9739887dd5 100644 --- a/cpp/ql/src/change-notes/released/0.0.8.md +++ b/cpp/ql/src/change-notes/released/0.0.8.md @@ -4,7 +4,7 @@ * The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. * The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. -* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. +* A new `cpp/very-likely-overrunning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overrunning-write`. ### Minor Analysis Improvements diff --git a/cpp/ql/src/definitions.ql b/cpp/ql/src/definitions.ql index 84ef77fdc9d..c12277eaf23 100644 --- a/cpp/ql/src/definitions.ql +++ b/cpp/ql/src/definitions.ql @@ -13,6 +13,6 @@ where def = definitionOf(e, kind) and // We need to exclude definitions for elements inside template instantiations, // as these often lead to multiple links to definitions from the same source location. - // LGTM does not support this bevaviour. + // LGTM does not support this behaviour. not e.isFromTemplateInstantiation(_) select e, def, kind diff --git a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql index ee1cca9b6e9..e13ea7091ba 100644 --- a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql +++ b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql @@ -1,7 +1,7 @@ /** * @id cpp/wrong-uint-access * @name Wrong Uint - * @descripion Acess an array of size lower than 256 with a uint16. + * @description Access an array of size lower than 256 with a uint16. * @kind problem * @problem.severity recommendation * @tags efficiency @@ -21,5 +21,5 @@ where ) and defLine.getArraySize() <= 256 select useExpr, - "Using a " + useExpr.getArrayOffset().getType() + " to acess the array $@ of size " + + "Using a " + useExpr.getArrayOffset().getType() + " to access the array $@ of size " + defLine.getArraySize() + ".", var, var.getName() diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c new file mode 100644 index 00000000000..63cd5488f44 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.c @@ -0,0 +1,19 @@ + +int main(int argc, char** argv) { + char *filePath = argv[2]; + + { + // BAD: the user-controlled string is injected + // directly into `wordexp` which performs command substitution + + wordexp_t we; + wordexp(filePath, &we, 0); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD); + } +} diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp new file mode 100644 index 00000000000..6dd9662c57d --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.qhelp @@ -0,0 +1,42 @@ + + + +

    The code passes user input to wordexp. This leaves the code +vulnerable to attack by command injection, because wordexp performs command substitution. +Command substitution is a feature that replaces $(command) or `command` with the +output of the given command, allowing the user to run arbitrary code on the system. +

    + +     + + +

    When calling wordexp, pass the WRDE_NOCMD flag to prevent command substitution.

    + +     + +

    The following example passes a user-supplied file path to wordexp in two ways. The +first way uses wordexp with no specified flags. As such, it is vulnerable to command +injection. +The second way uses wordexp with the WRDE_NOCMD flag. As such, no command substitution +is performed, making this safe from command injection.

    + + +     + + +
  • CERT C Coding Standard: +STR02-C. +Sanitize data passed to complex subsystems.
    • +
  • +OWASP: +Command Injection. +
    • + + + + +     +     diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql new file mode 100644 index 00000000000..40b61ff60f6 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql @@ -0,0 +1,57 @@ +/** + * @name Uncontrolled data used in `wordexp` command + * @description Using user-supplied data in a `wordexp` command, without + * disabling command substitution, can make code vulnerable + * to command injection. + * @kind path-problem + * @problem.severity error + * @precision high + * @id cpp/wordexp-injection + * @tags security + * external/cwe/cwe-078 + */ + +import cpp +import semmle.code.cpp.ir.dataflow.TaintTracking +import semmle.code.cpp.security.FlowSources +import DataFlow::PathGraph + +/** + * The `wordexp` function, which can perform command substitution. + */ +private class WordexpFunction extends Function { + WordexpFunction() { hasGlobalName("wordexp") } +} + +/** + * Holds if `fc` disables command substitution by containing `WRDE_NOCMD` as a flag argument. + */ +private predicate isCommandSubstitutionDisabled(FunctionCall fc) { + fc.getArgument(2).getValue().toInt().bitAnd(4) = 4 + /* 4 = WRDE_NOCMD. Check whether the flag is set. */ +} + +/** + * A configuration to track user-supplied data to the `wordexp` function. + */ +class WordexpTaintConfiguration extends TaintTracking::Configuration { + WordexpTaintConfiguration() { this = "WordexpTaintConfiguration" } + + override predicate isSource(DataFlow::Node source) { source instanceof FlowSource } + + override predicate isSink(DataFlow::Node sink) { + exists(FunctionCall fc | fc.getTarget() instanceof WordexpFunction | + fc.getArgument(0) = sink.asExpr() and + not isCommandSubstitutionDisabled(fc) + ) + } + + override predicate isSanitizer(DataFlow::Node node) { + node.asExpr().getUnspecifiedType() instanceof IntegralType + } +} + +from WordexpTaintConfiguration conf, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode +where conf.hasFlowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, + "Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection." diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql index 3c079728bcc..0491d711833 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql @@ -1,7 +1,7 @@ /** * @name LinuxPrivilegeDroppingOutoforder * @description A syscall commonly associated with privilege dropping is being called out of order. - * Normally a process drops group ID and sets supplimental groups for the target user + * Normally a process drops group ID and sets supplemental groups for the target user * before setting the target user ID. This can have security impact if the return code * from these methods is not checked. * @kind problem diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql index 7169f3bead3..39ab8c1ead4 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql @@ -2,7 +2,7 @@ * @name Linux kernel double-fetch vulnerability detection * @description Double-fetch is a very common vulnerability pattern * in linux kernel, attacker can exploit double-fetch - * issues to obatain root privilege. + * issues to obtain root privilege. * Double-fetch is caused by fetching data from user * mode by calling copy_from_user twice, CVE-2016-6480 * is quite a good example for your information. diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql index 7fc26e54ae9..2de9cf5fc78 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql @@ -84,7 +84,7 @@ predicate isConditionBig(SwitchStmt swtmp) { } /** Holds if there are labels inside the block with names similar to `default` or `case`. */ -predicate isWrongLableName(SwitchStmt swtmp) { +predicate isWrongLabelName(SwitchStmt swtmp) { not swtmp.hasDefaultCase() and exists(LabelStmt lb | ( @@ -147,7 +147,7 @@ where isConditionBig(sw) and msg = "The range of condition values is wider than the choices." ) or - isWrongLableName(sw) and msg = "Possibly erroneous label name." + isWrongLabelName(sw) and msg = "Possibly erroneous label name." or isCodeBeforeCase(sw) and msg = "Code before case will not be executed." select sw, msg diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql index a88cd107b33..97c1e410066 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql @@ -24,7 +24,7 @@ where texp.getEnclosingStmt().getParentStmt*() = ts.getStmt() and not ts.getACatchClause().isEmpty() ) and - msg = "DllMain contains an exeption not wrapped in a try..catch block." + msg = "DllMain contains an exception not wrapped in a try..catch block." or texp.getExpr().isParenthesised() and texp.getExpr().(CommaExpr).getLeftOperand().isConstant() and diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp index ab40910f5d3..69402cc08ae 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp @@ -12,7 +12,7 @@ The user should check the return value of `scanf` and related functions and chec

    -

    The first first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.

    +

    The first example below is correct, as value of `i` is only read once it is checked that `scanf` has read one item. The second example is incorrect, as the return value of `scanf` is not checked, and as `scanf` might have failed to read any item before returning.

     diff --git a/cpp/ql/src/external/CodeDuplication.qll b/cpp/ql/src/external/CodeDuplication.qll index e50323f7087..be2dc162e74 100644 --- a/cpp/ql/src/external/CodeDuplication.qll +++ b/cpp/ql/src/external/CodeDuplication.qll @@ -292,7 +292,7 @@ deprecated predicate duplicateFiles(File f, File other, int percent) { } /** - * DEPRECATED: Information on duplciate classes is no longer available. + * DEPRECATED: Information on duplicate classes is no longer available. * * Holds if most member functions of `c` (`numDup` out of `total`) are * duplicates of member functions in `other`. @@ -313,7 +313,7 @@ deprecated predicate mostlyDuplicateClassBase(Class c, Class other, int numDup, } /** - * DEPRECATED: Information on duplciate classes is no longer available. + * DEPRECATED: Information on duplicate classes is no longer available. * * Holds if most member functions of `c` are duplicates of member functions in * `other`. Provides the human-readable `message` to describe the amount of diff --git a/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp b/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp index 771d7e23e52..bc51714ec69 100644 --- a/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp +++ b/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.qhelp @@ -5,12 +5,12 @@

    Some header files, such as those which define structures or classes, cannot be included more than once within a translation unit, as doing so would -cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Simlarly, if header files include other +cause a redefinition error. Such headers must be guarded to prevent ill-effects from multiple inclusion. Similarly, if header files include other header files, and this inclusion graph contains a cycle, then at least one file within the cycle must contain header guards in order to break the cycle. Because of cases like these, all headers should be guarded as a matter of good practice, even if they do not strictly need to be.

    -Furthermore, most modern compilers contain optimisations which are triggered by header guards. If the header guard strictly conforms to the pattern +Furthermore, most modern compilers contain optimizations which are triggered by header guards. If the header guard strictly conforms to the pattern that compilers expect, then inclusions of that header other than the first have absolutely no effect: the file isn't re-read from disk, nor is it re-tokenised or re-preprocessed. This can result in a noticeable, albeit minor, improvement to compilation time.

    diff --git a/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql b/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql index 5eef707432e..0192041dfe8 100644 --- a/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql +++ b/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql @@ -14,4 +14,4 @@ from Function f where f.fromSource() and f.calls+(f) -select f, "Functions shall not call theselves, either directly or indirectly." +select f, "Functions shall not call themselves, either directly or indirectly." diff --git a/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql b/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql index 068715dbf8f..6f22e04b9e9 100644 --- a/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql +++ b/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql @@ -41,4 +41,4 @@ where not ae.getParent() instanceof ExprStmt and not ae instanceof ForStmtSideEffectExpr select ae, - "AV Rule 160: An assignment expression shall be used only as the exprression in an expression statement." + "AV Rule 160: An assignment expression shall be used only as the expression in an expression statement." diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected new file mode 100644 index 00000000000..a8d7a480c81 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected @@ -0,0 +1,11 @@ +edges +| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | +| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | +nodes +| test.cpp:23:20:23:23 | argv | semmle.label | argv | +| test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... | +| test.cpp:29:13:29:20 | filePath | semmle.label | filePath | +subpaths +#select +| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref new file mode 100644 index 00000000000..ecff539f3e6 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-078/WordexpTainted.ql \ No newline at end of file diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp new file mode 100644 index 00000000000..0ae98b8f163 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp @@ -0,0 +1,45 @@ +#ifdef _MSC_VER +#define restrict __restrict +#else +#define restrict __restrict__ +#endif + +typedef unsigned long size_t; + +typedef struct { + size_t we_wordc; + char **we_wordv; + size_t we_offs; +} wordexp_t; + +enum { + WRDE_APPEND = (1 << 1), + WRDE_NOCMD = (1 << 2) +}; + +int wordexp(const char *restrict s, wordexp_t *restrict p, int flags); + +int main(int argc, char** argv) { + char *filePath = argv[2]; + + { + // BAD: the user string is injected directly into `wordexp` which performs command substitution + + wordexp_t we; + wordexp(filePath, &we, 0); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD); + } + + { + // GOOD: command substitution is disabled + + wordexp_t we; + wordexp(filePath, &we, WRDE_NOCMD | WRDE_APPEND); + } +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected index af032eb387e..3bb6a86801f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected @@ -1,3 +1,3 @@ | test.cpp:35:3:35:33 | call to runtime_error | Object creation of exception type on stack. Did you forget the throw keyword? | | test.cpp:41:3:41:11 | call to funcTest1 | There is an exception in the function that requires your attention. | -| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exeption not wrapped in a try..catch block. | +| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exception not wrapped in a try..catch block. | diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected new file mode 100644 index 00000000000..e993345aa39 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.expected @@ -0,0 +1,5 @@ +| test.cpp:49:2:49:8 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:52:2:52:15 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:160:3:160:9 | (void)... | The indentation level may be misleading for some tab sizes. | +| test.cpp:166:5:166:7 | ... ++ | The indentation level may be misleading for some tab sizes. | +| test.cpp:176:6:178:6 | ... ? ... : ... | The indentation level may be misleading for some tab sizes. | diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref new file mode 100644 index 00000000000..02b5f38e358 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/CommaBeforeMisleadingIndentation.qlref @@ -0,0 +1 @@ +Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql diff --git a/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp new file mode 100644 index 00000000000..dbf792db338 --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp @@ -0,0 +1,208 @@ +// clang-format off + +typedef unsigned size_t; + +struct X { + int foo(int y) { return y; } +} x; + +#define FOO(x) ( \ + (x), \ + (x) \ +) + +#define BAR(x, y) ((x), (y)) + +#define BAZ //printf + +struct Foo { + int i, i_array[3]; + int j; + virtual int foo(int) = 0; + virtual int bar(int, int) = 0; + int test(int (*baz)(int)); + + struct Tata { + struct Titi { + void tutu() {} + long toto() { return 42; } + } titi; + + Titi *operator->() { return &titi; } + } *tata; +}; + +int Foo::test(int (*baz)(int)) +{ + // Comma in simple if statement (prototypical example): + + if (i) + (void)i, // GOOD + j++; + + if (i) + this->foo(i), // GOOD + foo(i); + + if (i) + (void)i, // BAD + (void)j; + + if (1) FOO(i), + (void)x.foo(j); // BAD + + // Parenthesized comma (borderline example): + + foo(i++), j++; // GOOD + (foo(i++), j++); // GOOD + (foo(i++), // GOOD + j++); + (foo(i++), + foo(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + x.foo(i++), j++; // GOOD + (x.foo(i++), j++); // GOOD + (x.foo(i++), // GOOD + j++); + (x.foo(i++), + x.foo(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + FOO(i++), j++; // GOOD + (FOO(i++), j++); // GOOD + (FOO(i++), // GOOD + j++); + (FOO(i++), + FOO(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + (void)(i++), j++; // GOOD + ((void)(i++), j++); // GOOD + ((void)(i++), // GOOD + j++); + ((void)(i++), + (void)(i++), + j++, // GOOD (?) -- Currently explicitly excluded + j++); + + // Comma in argument list doesn't count: + + bar(i++, j++); // GOOD + bar(i++, + j++); // GOOD + bar(i++ + , j++); // GOOD + bar(i++, + j++); // GOOD: common pattern and unlikely to be misread. + + BAR(i++, j++); // GOOD + BAR(i++, + j++); // GOOD + BAR(i++ + , j++); // GOOD + BAR(i++, + j++); // GOOD: common pattern and unlikely to be misread. + + using T = decltype(x.foo(i++), // GOOD + j++); + (void)sizeof(x.foo(i++), // GOOD + j++); + using U = decltype(x.foo(i++), // GOOD? Unlikely to be misread + j++); + (void)sizeof(x.foo(i++), // GOOD? Unlikely to be misread + j++); + + BAZ("%d %d\n", i, + j); // GOOD -- Currently explicitly excluded + + // Comma in loops + + while (i = foo(j++), // GOOD + i != j && i != 42 && + !foo(j)) { + i = j = i + j; + } + + while (i = foo(j++), // GOOD??? Currently ignoring loop heads + i != j && i != 42 && !foo(j)) { + i = j = i + j; + } + + for (i = 0, // GOOD? Currently ignoring loop heads. + j = 1; + i + j < 10; + i++, j++); + + for (i = 0, + j = 1; i < 10; i += 2, // GOOD? Currently ignoring loop heads. + j++) {} + + // Comma in if-conditions: + + if (i = foo(j++), + i == j) // GOOD(?) -- Currently ignoring if-conditions for the same reason as other parenthesized commas. + i = 0; + + // Mixed tabs and spaces (ugly case): + + for (i = 0, // GOOD if tab >= 4 spaces else BAD -- Currently ignoring loop heads. + j = 0; + i + j < 10; + i++, // GOOD if tab >= 4 spaces else BAD -- Currently ignoring loop heads. + j++); + + if (i) + (void)i, // GOOD if tab >= 4 spaces else BAD -- can't exclude w/o source code text :/ + (void)j; + + // LHS ends on same line RHS begins on: + + if (1) foo( + i++ + ), j++; // GOOD? [FALSE POSITIVE] + + if (1) baz( + i++ + ), j++; // GOOD... when calling a function pointer..!? + + // Weird cases: + + if (foo(j)) + return i++ + , i++ // GOOD(?) [FALSE POSITIVE] -- can't exclude w/o source code text :/ + ? 1 + : 2; + + int quux = + (tata->titi.tutu(), + foo(tata->titi.toto())); // GOOD + + (*tata)->toto(), // GOOD + i_array[i] += (int)(*tata)->toto(); + + return quux; +} + +// Comma in variadic template splice: + +namespace std { + template + struct index_sequence {}; +} + +template +struct zip_index {}; + +template +int& at(zip_index) { throw 1; } + +template +void for_each_input(Fn&& fn, std::index_sequence) { + (fn(zip_index{}, at(zip_index{})), ...); // GOOD +} + +// clang-format on diff --git a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c new file mode 100644 index 00000000000..66eedf743fb --- /dev/null +++ b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/extraction_error.c @@ -0,0 +1,15 @@ +// semmle-extractor-options: --expect_errors + +static void my_function1_called() {} // GOOD +static void my_function2_called_after_error() {} // GOOD +static void my_function3_not_called() {} // BAD [NOT DETECTED] + +int main(void) { + my_function1_called(); + +--- compilation stops here because this line is not valid C code --- + + my_function2_called_after_error(); + + return 0; +} diff --git a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp index 2984d8f0b1a..c0d83b52a57 100644 --- a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp +++ b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_static_functions.cpp @@ -33,3 +33,16 @@ static void f6(void); static void f5(void) { f6(); } static void f6(void) { f5(); } +// f7 and f8 are reachable from `function_caller` +static int f7() { return 1; } // GOOD +static void f8() { } // GOOD + +void function_caller() +{ + auto my_lambda = []() { + return f7(); + }(); + + f8(); +} + diff --git a/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs b/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs index 5ce1a58491f..a2fb43759df 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Context.Factories.cs @@ -218,7 +218,7 @@ namespace Semmle.Extraction.CIL public PdbSourceFile CreateSourceFile(PDB.ISourceFile file) => sourceFiles[file]; /// - /// Creates a folder entitiy with the given path. + /// Creates a folder entity with the given path. /// /// The path of the folder. /// A folder entity. diff --git a/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs b/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs index 8f3d340d104..de563080d4b 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Entities/Base/UnlabelledEntity.cs @@ -5,7 +5,7 @@ namespace Semmle.Extraction.CIL { /// /// An entity that has contents to extract. There is no need to populate - /// a key as it's done in the contructor. + /// a key as it's done in the constructor. /// internal abstract class UnlabelledEntity : Extraction.UnlabelledEntity, IExtractedEntity { diff --git a/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs b/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs index 1e2cc7aacac..37c0af7702b 100644 --- a/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs +++ b/csharp/extractor/Semmle.Extraction.CIL/Entities/IMember.cs @@ -1,7 +1,7 @@ namespace Semmle.Extraction.CIL.Entities { /// - /// An entity represting a member. + /// An entity representing a member. /// Used to type tuples correctly. /// internal interface IMember : IExtractedEntity diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs index e03f945175b..bf7c2ca42b1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs @@ -66,7 +66,7 @@ namespace Semmle.Extraction.CSharp.Entities } /// - /// The location which is stored in the database and is used when highlighing source code. + /// The location which is stored in the database and is used when highlighting source code. /// It's generally short, e.g. a method name. /// public override Microsoft.CodeAnalysis.Location? ReportingLocation => Symbol.Locations.FirstOrDefault(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs index b578f51e0e0..e18d72350d8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs @@ -42,7 +42,7 @@ namespace Semmle.Extraction.CSharp.Entities } else { - Context.ModelError(Symbol, $"Undhandled event accessor kind {Symbol.ToDisplayString()}"); + Context.ModelError(Symbol, $"Unhandled event accessor kind {Symbol.ToDisplayString()}"); return; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index 5c3a48c05ae..6e0380da693 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -74,7 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities bool IExpressionParentEntity.IsTopLevelParent => false; /// - /// Gets a string represention of a constant value. + /// Gets a string representation of a constant value. /// /// The value. /// The string representation. diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs index a94f0b54747..4ed4f2b6fb2 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Modifier.cs @@ -23,7 +23,7 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.modifiers(Label, Symbol); } - public static string AccessbilityModifier(Accessibility access) + public static string AccessibilityModifier(Accessibility access) { switch (access) { @@ -48,7 +48,7 @@ namespace Semmle.Extraction.CSharp.Entities case Accessibility.Public: case Accessibility.Protected: case Accessibility.Internal: - HasModifier(cx, trapFile, type, Modifier.AccessbilityModifier(access)); + HasModifier(cx, trapFile, type, Modifier.AccessibilityModifier(access)); break; case Accessibility.NotApplicable: break; @@ -131,7 +131,7 @@ namespace Semmle.Extraction.CSharp.Entities public static Modifier Create(Context cx, Accessibility access) { - var modifier = AccessbilityModifier(access); + var modifier = AccessibilityModifier(access); return ModifierFactory.Instance.CreateEntity(cx, (typeof(Modifier), modifier), modifier); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs index 26a104286a8..6018b9903c1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs @@ -10,7 +10,7 @@ namespace Semmle.Extraction.CSharp { /// /// An ITypeSymbol with nullability annotations. - /// Although a similar class has been implemented in Rolsyn, + /// Although a similar class has been implemented in Roslyn, /// https://github.com/dotnet/roslyn/blob/090e52e27c38ad8f1ea4d033114c2a107604ddaa/src/Compilers/CSharp/Portable/Symbols/TypeWithAnnotations.cs /// it is an internal struct that has not yet been exposed on the public interface. /// @@ -80,8 +80,8 @@ namespace Semmle.Extraction.CSharp public static IEnumerable GetSourceLevelModifiers(this ISymbol symbol) { var methodModifiers = symbol.GetModifiers(md => md.Modifiers); - var typeModifers = symbol.GetModifiers(cd => cd.Modifiers); - return methodModifiers.Concat(typeModifers).Select(m => m.Text); + var typeModifiers = symbol.GetModifiers(cd => cd.Modifiers); + return methodModifiers.Concat(typeModifiers).Select(m => m.Text); } /// diff --git a/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs b/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs index dcf8dcbc373..f103296107d 100644 --- a/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs +++ b/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs @@ -26,7 +26,7 @@ namespace Semmle.Extraction Label Label { get; set; } /// - /// Writes the unique identifier of this entitiy to a trap file. + /// Writes the unique identifier of this entity to a trap file. /// /// The trapfile to write to. void WriteId(EscapingTextWriter trapFile); diff --git a/csharp/extractor/Semmle.Util/Enumerators.cs b/csharp/extractor/Semmle.Util/Enumerators.cs index 3d77e2522b6..16fad6cfa54 100644 --- a/csharp/extractor/Semmle.Util/Enumerators.cs +++ b/csharp/extractor/Semmle.Util/Enumerators.cs @@ -8,7 +8,7 @@ namespace Semmle.Util /// Create an enumerable with a single element. /// /// - /// The type of the enumerble/element. + /// The type of the enumerable/element. /// The element. /// An enumerable containing a single element. public static IEnumerable Singleton(T t) diff --git a/csharp/extractor/Semmle.Util/FuzzyDictionary.cs b/csharp/extractor/Semmle.Util/FuzzyDictionary.cs index 9f61fa1ffa9..53a84d98a08 100644 --- a/csharp/extractor/Semmle.Util/FuzzyDictionary.cs +++ b/csharp/extractor/Semmle.Util/FuzzyDictionary.cs @@ -17,7 +17,7 @@ namespace Semmle.Util /// The algorithm locates the closest match to a string based on a "distance function". /// /// Whilst many distance functions are possible, a bespoke algorithm is used here, - /// for efficiency and suitablility for the domain. + /// for efficiency and suitability for the domain. /// /// The distance is defined as the Hamming Distance of the numbers in the string. /// Each string is split into the base "form" (stripped of numbers) and a vector of diff --git a/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md b/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md index 7152975b292..e13a60e0f61 100644 --- a/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md +++ b/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md @@ -1,5 +1,5 @@ lgtm,codescanning -* Inferring the lengths of implicitely sized arrays is fixed. Previously, multi +* Inferring the lengths of implicitly sized arrays is fixed. Previously, multi dimensional arrays were always extracted with the same length for each dimension. With the fix, the array sizes `2` and `1` are extracted for `new int[,]{{1},{2}}`. Previously `2` and `2` were extracted. diff --git a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll index 6947fc05bb1..51559093b07 100644 --- a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll +++ b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll @@ -124,7 +124,7 @@ string solorigateSuspiciousLiterals() { "fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA", "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", - "HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", + "HKEY_PERFORMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", "Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans", "Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone", "ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege", diff --git a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll index 28de629816d..b7371fafb3e 100644 --- a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll +++ b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll @@ -10,7 +10,9 @@ import csharp private import DataFlow private import semmle.code.csharp.dataflow.TaintTracking2 -predicate maybeANonCryptogrphicHash(Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop) { +predicate maybeANonCryptographicHash( + Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop +) { callable = loop.getEnclosingCallable() and ( maybeUsedInFnvFunction(v, xor, mul, loop) or @@ -75,7 +77,7 @@ private predicate maybeUsedInElfHashFunction(Variable v, Operation xor, Operatio */ predicate isCallableAPotentialNonCryptographicHashFunction(Callable callable, Parameter param) { exists(Variable v, Expr op1, Expr op2, LoopStmt loop | - maybeANonCryptogrphicHash(callable, v, op1, op2, loop) and + maybeANonCryptographicHash(callable, v, op1, op2, loop) and callable.getAParameter() = param and exists(ParameterNode p, ExprNode n | p.getParameter() = param and diff --git a/csharp/ql/lib/semmle/code/cil/DataFlow.qll b/csharp/ql/lib/semmle/code/cil/DataFlow.qll index 55f8eb89432..9057cccf49b 100644 --- a/csharp/ql/lib/semmle/code/cil/DataFlow.qll +++ b/csharp/ql/lib/semmle/code/cil/DataFlow.qll @@ -20,16 +20,18 @@ class DataFlowNode extends @cil_dataflow_node { * Holds if this node flows to `sink` in one step. * `tt` is the tainting that occurs during this step. */ - predicate getALocalFlowSucc(DataFlowNode sink, TaintType tt) { + deprecated predicate getALocalFlowSucc(DataFlowNode sink, TaintType tt) { localExactStep(this, sink) and tt = TExactValue() or localTaintStep(this, sink) and tt = TTaintedValue() } - private predicate flowsToStep(DataFlowNode sink) { this.getALocalFlowSucc(sink, TExactValue()) } + deprecated private predicate flowsToStep(DataFlowNode sink) { + this.getALocalFlowSucc(sink, TExactValue()) + } /** Holds if this node flows to `sink` in zero or more steps. */ - predicate flowsTo(DataFlowNode sink) { this.flowsToStep*(sink) } + deprecated predicate flowsTo(DataFlowNode sink) { this.flowsToStep*(sink) } /** Gets the method that contains this dataflow node. */ Method getMethod() { none() } @@ -38,12 +40,12 @@ class DataFlowNode extends @cil_dataflow_node { Location getLocation() { none() } } -private newtype TTaintType = +deprecated private newtype TTaintType = TExactValue() or TTaintedValue() /** Describes how data is tainted. */ -class TaintType extends TTaintType { +deprecated class TaintType extends TTaintType { string toString() { this = TExactValue() and result = "exact" or @@ -52,12 +54,12 @@ class TaintType extends TTaintType { } /** A taint type where the data is untainted. */ -class Untainted extends TaintType, TExactValue { } +deprecated class Untainted extends TaintType, TExactValue { } /** A taint type where the data is tainted. */ -class Tainted extends TaintType, TTaintedValue { } +deprecated class Tainted extends TaintType, TTaintedValue { } -private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { +deprecated private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { exists(Ssa::Definition def, BasicBlock bb, int i | phi.hasLastInputRef(def, bb, i) | def.definesAt(_, bb, i) and input = def.getVariableUpdate().getSource() @@ -76,7 +78,7 @@ private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) { ) } -private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { +deprecated private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { src = sink.(Opcodes::Dup).getAnOperand() or exists(Ssa::Definition def, VariableUpdate vu | @@ -103,7 +105,7 @@ private predicate localExactStep(DataFlowNode src, DataFlowNode sink) { src = sink.(ConditionalBranch).getAnOperand() } -private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) { +deprecated private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) { src = sink.(BinaryArithmeticExpr).getAnOperand() or src = sink.(Opcodes::Neg).getOperand() or src = sink.(UnaryBitwiseOperation).getOperand() diff --git a/csharp/ql/lib/semmle/code/cil/Method.qll b/csharp/ql/lib/semmle/code/cil/Method.qll index f4f65bbaca1..da1c46b5dfd 100644 --- a/csharp/ql/lib/semmle/code/cil/Method.qll +++ b/csharp/ql/lib/semmle/code/cil/Method.qll @@ -270,7 +270,7 @@ class Setter extends Accessor { */ class TrivialSetter extends Method { TrivialSetter() { - exists(MethodImplementation impl | impl = this.getImplementation() | + exists(MethodImplementation impl | impl = this.getAnImplementation() | impl.getInstruction(0) instanceof ThisAccess and impl.getInstruction(1).(ParameterReadAccess).getTarget().getIndex() = 1 and impl.getInstruction(2) instanceof FieldWriteAccess diff --git a/csharp/ql/lib/semmle/code/cil/Ssa.qll b/csharp/ql/lib/semmle/code/cil/Ssa.qll index 50338d3284d..ec419c1773a 100644 --- a/csharp/ql/lib/semmle/code/cil/Ssa.qll +++ b/csharp/ql/lib/semmle/code/cil/Ssa.qll @@ -24,10 +24,10 @@ module Ssa { } /** Gets a first read of this SSA definition. */ - final ReadAccess getAFirstRead() { result = SsaImpl::getAFirstRead(this) } + deprecated final ReadAccess getAFirstRead() { result = SsaImpl::getAFirstRead(this) } /** Holds if `first` and `second` are adjacent reads of this SSA definition. */ - final predicate hasAdjacentReads(ReadAccess first, ReadAccess second) { + deprecated final predicate hasAdjacentReads(ReadAccess first, ReadAccess second) { SsaImpl::hasAdjacentReads(this, first, second) } @@ -58,8 +58,9 @@ module Ssa { * index `i` in basic block `bb` can reach this phi node without going through * other references. */ - final predicate hasLastInputRef(Definition def, BasicBlock bb, int i) { - SsaImpl::hasLastInputRef(this, def, bb, i) + deprecated final predicate hasLastInputRef(Definition def, BasicBlock bb, int i) { + SsaImpl::lastRefRedef(def, bb, i, this) and + def = SsaImpl::getAPhiInput(this) } } } diff --git a/csharp/ql/lib/semmle/code/cil/Stubs.qll b/csharp/ql/lib/semmle/code/cil/Stubs.qll index 692b7750f1f..afe95d3ae77 100644 --- a/csharp/ql/lib/semmle/code/cil/Stubs.qll +++ b/csharp/ql/lib/semmle/code/cil/Stubs.qll @@ -29,14 +29,17 @@ private module Cached { cached predicate bestImplementation(MethodImplementation mi) { - not assemblyIsStubImpl(mi.getLocation()) and - not exists(MethodImplementation better | mi.getMethod() = better.getMethod() | - mi.getNumberOfInstructions() < better.getNumberOfInstructions() - or - mi.getNumberOfInstructions() = better.getNumberOfInstructions() and - mi.getLocation().getFile().toString() > better.getLocation().getFile().toString() - ) and - exists(mi.getAnInstruction()) + exists(Assembly asm | + asm = mi.getLocation() and + (assemblyIsStubImpl(asm) implies asm.getFile().extractedQlTest()) and + not exists(MethodImplementation better | mi.getMethod() = better.getMethod() | + mi.getNumberOfInstructions() < better.getNumberOfInstructions() + or + mi.getNumberOfInstructions() = better.getNumberOfInstructions() and + asm.getFile().toString() > better.getLocation().getFile().toString() + ) and + exists(mi.getAnInstruction()) + ) } } diff --git a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll index 9ca724cb08d..683ee6268aa 100644 --- a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll +++ b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll @@ -68,9 +68,8 @@ private module Cached { Definition getAPhiInput(PhiNode phi) { phiHasInputFromBlock(phi, result, _) } cached - predicate hasLastInputRef(Definition phi, Definition def, BasicBlock bb, int i) { - lastRefRedef(def, bb, i, phi) and - def = getAPhiInput(phi) + predicate lastRefBeforeRedef(Definition def, BasicBlock bb, int i, Definition next) { + lastRefRedef(def, bb, i, next) } } diff --git a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll index 8afdbd0d4a3..57221e47aa9 100644 --- a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll +++ b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll @@ -191,7 +191,7 @@ private module Annotations { NoNullability() { not nullability_parent(_, _, nullability) } } - /** A type with annotated nullablity, `?`. */ + /** A type with annotated nullability, `?`. */ class AnnotatedNullability extends Nullability { AnnotatedNullability() { nullability instanceof @annotated } diff --git a/csharp/ql/lib/semmle/code/csharp/Assignable.qll b/csharp/ql/lib/semmle/code/csharp/Assignable.qll index ede365ccf75..975f69edaa9 100644 --- a/csharp/ql/lib/semmle/code/csharp/Assignable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Assignable.qll @@ -111,6 +111,7 @@ class AssignableRead extends AssignableAccess { * - The reads of `i` on lines 7 and 8 are next to the read on line 6. * - The read of `this.Field` on line 11 is next to the read on line 10. */ + pragma[nomagic] AssignableRead getANextRead() { forex(ControlFlow::Node cfn | cfn = result.getAControlFlowNode() | cfn = this.getAnAdjacentReadSameVar() @@ -124,7 +125,7 @@ class AssignableRead extends AssignableAccess { * * This is the transitive closure of `getANextRead()`. */ - AssignableRead getAReachableRead() { result = this.getANextRead+() } + deprecated AssignableRead getAReachableRead() { result = this.getANextRead+() } } /** @@ -479,6 +480,7 @@ class AssignableDefinition extends TAssignableDefinition { * Subsequent reads can be found by following the steps defined by * `AssignableRead.getANextRead()`. */ + pragma[nomagic] AssignableRead getAFirstRead() { forex(ControlFlow::Node cfn | cfn = result.getAControlFlowNode() | exists(Ssa::ExplicitDefinition def | result = def.getAFirstReadAtNode(cfn) | @@ -494,7 +496,7 @@ class AssignableDefinition extends TAssignableDefinition { * * This is the equivalent with `getAFirstRead().getANextRead*()`. */ - AssignableRead getAReachableRead() { result = this.getAFirstRead().getANextRead*() } + deprecated AssignableRead getAReachableRead() { result = this.getAFirstRead().getANextRead*() } /** Gets a textual representation of this assignable definition. */ string toString() { none() } diff --git a/csharp/ql/lib/semmle/code/csharp/Conversion.qll b/csharp/ql/lib/semmle/code/csharp/Conversion.qll index d62055b6a17..81282769acf 100644 --- a/csharp/ql/lib/semmle/code/csharp/Conversion.qll +++ b/csharp/ql/lib/semmle/code/csharp/Conversion.qll @@ -517,7 +517,7 @@ predicate convNullableType(ValueOrRefType fromType, NullableType toType) { /** * Holds if `fromType` is `NullType`, and `toType` is a type that can represent * the `null` value, such as a reference type, `Nullable` or a type parameter - * with contraints that restrict it to a reference type. + * with constraints that restrict it to a reference type. */ // This is a deliberate, small Cartesian product, so we have manually lifted it to force the // evaluator to evaluate it in its entirety, rather than trying to optimize it in context. diff --git a/csharp/ql/lib/semmle/code/csharp/Location.qll b/csharp/ql/lib/semmle/code/csharp/Location.qll index 22d87f42424..8b4fabb44e7 100644 --- a/csharp/ql/lib/semmle/code/csharp/Location.qll +++ b/csharp/ql/lib/semmle/code/csharp/Location.qll @@ -125,7 +125,7 @@ class Version extends string { /** * Gets the minor version, for example `3` in `1.2.3.4`. - * If the minor version is unspecifed, then the result is `0`. + * If the minor version is unspecified, then the result is `0`. */ bindingset[this] int getMinor() { result = this.getField(3) } diff --git a/csharp/ql/lib/semmle/code/csharp/Property.qll b/csharp/ql/lib/semmle/code/csharp/Property.qll index 1bd65425845..94aecf65637 100644 --- a/csharp/ql/lib/semmle/code/csharp/Property.qll +++ b/csharp/ql/lib/semmle/code/csharp/Property.qll @@ -136,7 +136,7 @@ class Property extends DotNet::Property, DeclarationWithGetSetAccessors, @proper * } * ``` * - * Note that this information is only avaiable for properties in source + * Note that this information is only available for properties in source * code. */ predicate isAutoImplemented() { diff --git a/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll b/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll index 090599a60a7..f3c1c7a3c78 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll @@ -11,15 +11,19 @@ private predicate isDisposeMethod(DotNet::Callable method) { method.getNumberOfParameters() = 0 } -private predicate cilVariableReadFlowsTo(CIL::Variable variable, CIL::DataFlowNode n) { - n = variable.getARead() +private predicate cilVariableReadFlowsToNode(CIL::Variable variable, DataFlow::Node n) { + n.asExpr() = variable.getARead() or - exists(CIL::DataFlowNode mid | - cilVariableReadFlowsTo(variable, mid) and - mid.getALocalFlowSucc(n, any(CIL::Untainted u)) + exists(DataFlow::Node mid | + cilVariableReadFlowsToNode(variable, mid) and + DataFlow::localFlowStep(mid, n) ) } +private predicate cilVariableReadFlowsTo(CIL::Variable variable, CIL::DataFlowNode n) { + cilVariableReadFlowsToNode(variable, DataFlow::exprNode(n)) +} + private predicate disposedCilVariable(CIL::Variable variable) { // `variable` is the `this` parameter on a dispose method. isDisposeMethod(variable.(CIL::ThisParameter).getMethod()) diff --git a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll index 38d559d8ffd..7da80a79ffd 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll @@ -44,7 +44,7 @@ class GeneratedNamespaceFile extends GeneratedCodeFile { } } -/** A file contining comments suggesting it contains generated code. */ +/** A file continuing comments suggesting it contains generated code. */ class GeneratedCommentFile extends GeneratedCodeFile { GeneratedCommentFile() { this = any(GeneratedCodeComment c).getLocation().getFile() } } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll index 2f104dae88c..5b210a4004d 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll @@ -1470,7 +1470,7 @@ module Internal { ) } - private predicate firstReadSameVarUniquePredecesssor( + private predicate firstReadSameVarUniquePredecessor( PreSsa::Definition def, AssignableRead read ) { read = def.getAFirstRead() and @@ -1603,7 +1603,7 @@ module Internal { g1 = def.getARead() and isGuard(g1, v1) and v2 = v1 and - if v1.isReferentialProperty() then firstReadSameVarUniquePredecesssor(def, g1) else any() + if v1.isReferentialProperty() then firstReadSameVarUniquePredecessor(def, g1) else any() ) or exists(PreSsa::Definition def, AbstractValue v | @@ -1684,7 +1684,7 @@ module Internal { mid = e.(Cast).getExpr() ) or - exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecesssor(def, e)) + exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecessor(def, e)) or exists(MethodCall mc | mc.getTarget().getAnUltimateImplementee().getUnboundDeclaration() = @@ -1708,7 +1708,7 @@ module Internal { ) or exists(PreSsa::Definition def | nonEmptyDef(def) | - firstReadSameVarUniquePredecesssor(def, e) + firstReadSameVarUniquePredecessor(def, e) ) or exists(MethodCall mc | diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll index 7d0dd10c084..dbd90ba0ae1 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll @@ -885,7 +885,7 @@ module TestOutput { /** * Gets a string used to resolve ties in node and edge ordering. */ - string getOrderDisambuigation() { result = "" } + string getOrderDisambiguation() { result = "" } } query predicate nodes(RelevantNode n, string attr, string val) { @@ -900,7 +900,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(), - p.getOrderDisambuigation() + p.getOrderDisambiguation() ) ).toString() } @@ -923,7 +923,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(), - s.getOrderDisambuigation() + s.getOrderDisambiguation() ) ).toString() } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll index de44808b18e..095c4e69498 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll @@ -3,7 +3,7 @@ * * Provides a basic block implementation on control flow elements. That is, * a "pre-CFG" where the nodes are (unsplit) control flow elements and the - * successor releation is `succ = succ(pred, _)`. + * successor relation is `succ = succ(pred, _)`. * * The logic is duplicated from the implementation in `BasicBlocks.qll`, and * being an internal class, all predicate documentation has been removed. diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll index 02fb893cb7f..f7c84dbac5f 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll @@ -911,7 +911,7 @@ module BooleanSplitting { * ``` * * the branch taken in the condition on line 2 can be recorded, and the - * recorded value will detmine the branch taken in the condition on line 4. + * recorded value will determine the branch taken in the condition on line 4. */ abstract predicate correlatesConditions(ConditionBlock cb1, ConditionBlock cb2, boolean inverted); diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll index 154ab9423b9..d6ea2161bbb 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/SuccessorType.qll @@ -126,7 +126,7 @@ module SuccessorTypes { * } * ``` * - * has a control flow graph containing macthing successors: + * has a control flow graph containing matching successors: * * ``` * switch @@ -230,7 +230,7 @@ module SuccessorTypes { * } * ``` * - * The node `return x;` is a `break` succedssor of the node `break;`. + * The node `return x;` is a `break` successor of the node `break;`. */ class BreakSuccessor extends SuccessorType, TBreakSuccessor { override string toString() { result = "break" } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll index 08a9a8a5421..8695563f160 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll @@ -97,7 +97,7 @@ module SummaryComponentStack { result = push(SummaryComponent::element(), container) } - /** Gets a stack representing a propery `p` of `object`. */ + /** Gets a stack representing a property `p` of `object`. */ SummaryComponentStack propertyOf(Property p, SummaryComponentStack object) { result = push(SummaryComponent::property(p), object) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll index 9053019a6d0..b5631b26b0b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index 5d455e6b387..dbea34f039b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -17,6 +17,7 @@ private import semmle.code.csharp.frameworks.EntityFramework private import semmle.code.csharp.frameworks.NHibernate private import semmle.code.csharp.frameworks.system.Collections private import semmle.code.csharp.frameworks.system.threading.Tasks +private import semmle.code.cil.Ssa::Ssa as CilSsa /** Gets the callable in which this node occurs. */ DataFlowCallable nodeGetEnclosingCallable(NodeImpl n) { result = n.getEnclosingCallableImpl() } @@ -177,6 +178,12 @@ predicate hasNodePath(ControlFlowReachabilityConfiguration conf, ExprNode n1, No ) } +/** Gets the CIL data-flow node for `node`, if any. */ +CIL::DataFlowNode asCilDataFlowNode(Node node) { + result = node.asParameter() or + result = node.asExpr() +} + /** Provides predicates related to local data flow. */ module LocalFlow { private class LocalExprStepConfiguration extends ControlFlowReachabilityConfiguration { @@ -281,15 +288,6 @@ module LocalFlow { } } - private CIL::DataFlowNode asCilDataFlowNode(Node node) { - result = node.asParameter() or - result = node.asExpr() - } - - private predicate localFlowStepCil(Node nodeFrom, Node nodeTo) { - asCilDataFlowNode(nodeFrom).getALocalFlowSucc(asCilDataFlowNode(nodeTo), any(CIL::Untainted t)) - } - /** * An uncertain SSA definition. Either an uncertain explicit definition or an * uncertain qualifier definition. @@ -341,7 +339,7 @@ module LocalFlow { /** * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving - * SSA definition `def. + * SSA definition `def`. */ predicate localSsaFlowStep(Ssa::Definition def, Node nodeFrom, Node nodeTo) { // Flow from SSA definition/parameter to first read @@ -386,6 +384,76 @@ module LocalFlow { ) } + private module CilFlow { + private import semmle.code.cil.internal.SsaImpl as CilSsaImpl + + /** + * Holds if `nodeFrom` is a last node referencing SSA definition `def`, which + * can reach `next`. + */ + private predicate localFlowCilSsaInput( + Node nodeFrom, CilSsa::Definition def, CilSsa::Definition next + ) { + exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedef(def, bb, i, next) | + def.definesAt(_, bb, i) and + def = nodeFrom.(CilSsaDefinitionNode).getDefinition() + or + nodeFrom = TCilExprNode(bb.getNode(i).(CIL::ReadAccess)) + ) + } + + /** + * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving + * CIL SSA definition `def`. + */ + private predicate localCilSsaFlowStep(CilSsa::Definition def, Node nodeFrom, Node nodeTo) { + // Flow into SSA definition + exists(CIL::VariableUpdate vu | + vu = def.getVariableUpdate() and + vu.getSource() = asCilDataFlowNode(nodeFrom) and + def = nodeTo.(CilSsaDefinitionNode).getDefinition() + ) + or + // Flow from SSA definition to first read + def = nodeFrom.(CilSsaDefinitionNode).getDefinition() and + nodeTo = TCilExprNode(CilSsaImpl::getAFirstRead(def)) + or + // Flow from read to next read + exists(CIL::ReadAccess readFrom, CIL::ReadAccess readTo | + CilSsaImpl::hasAdjacentReads(def, readFrom, readTo) and + nodeTo = TCilExprNode(readTo) and + nodeFrom = TCilExprNode(readFrom) + ) + or + // Flow into phi node + exists(CilSsa::PhiNode phi | + localFlowCilSsaInput(nodeFrom, def, phi) and + phi = nodeTo.(CilSsaDefinitionNode).getDefinition() and + def = CilSsaImpl::getAPhiInput(phi) + ) + } + + private predicate localExactStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) { + src = sink.(CIL::Opcodes::Dup).getAnOperand() + or + src = sink.(CIL::Conversion).getExpr() + or + src = sink.(CIL::WriteAccess).getExpr() + or + src = sink.(CIL::Method).getAnImplementation().getAnInstruction().(CIL::Return) + or + src = sink.(CIL::Return).getExpr() + or + src = sink.(CIL::ConditionalBranch).getAnOperand() + } + + predicate localFlowStepCil(Node nodeFrom, Node nodeTo) { + localExactStep(asCilDataFlowNode(nodeFrom), asCilDataFlowNode(nodeTo)) + or + localCilSsaFlowStep(_, nodeFrom, nodeTo) + } + } + predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) { exists(Ssa::Definition def | localSsaFlowStep(def, nodeFrom, nodeTo) and @@ -398,7 +466,7 @@ module LocalFlow { or ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) or - localFlowStepCil(nodeFrom, nodeTo) + CilFlow::localFlowStepCil(nodeFrom, nodeTo) } /** @@ -634,7 +702,7 @@ private predicate arrayStore(Expr e, Expr src, Expr a, boolean postUpdate) { e = a and postUpdate = false or - // Member initalizer, `new C { Array = { [i] = src } }` + // Member initializer, `new C { Array = { [i] = src } }` exists(MemberInitializer mi | mi = a.(ObjectInitializer).getAMemberInitializer() and mi.getLValue() instanceof ArrayAccess and @@ -719,6 +787,7 @@ private module Cached { cfn.getElement() instanceof Expr } or TCilExprNode(CIL::Expr e) { e.getImplementation() instanceof CIL::BestImplementation } or + TCilSsaDefinitionNode(CilSsa::Definition def) or TSsaDefinitionNode(Ssa::Definition def) { // Handled by `TExplicitParameterNode` below not def.(Ssa::ExplicitDefinition).getADefinition() instanceof @@ -867,6 +936,28 @@ predicate nodeIsHidden(Node n) { n.asExpr() = any(WithExpr we).getInitializer() } +/** A CIL SSA definition, viewed as a node in a data flow graph. */ +class CilSsaDefinitionNode extends NodeImpl, TCilSsaDefinitionNode { + CilSsa::Definition def; + + CilSsaDefinitionNode() { this = TCilSsaDefinitionNode(def) } + + /** Gets the underlying SSA definition. */ + CilSsa::Definition getDefinition() { result = def } + + override DataFlowCallable getEnclosingCallableImpl() { + result.asCallable() = def.getBasicBlock().getFirstNode().getImplementation().getMethod() + } + + override CIL::Type getTypeImpl() { result = def.getSourceVariable().getType() } + + override ControlFlow::Node getControlFlowNodeImpl() { none() } + + override Location getLocationImpl() { result = def.getBasicBlock().getLocation() } + + override string toStringImpl() { result = def.toString() } +} + /** An SSA definition, viewed as a node in a data flow graph. */ class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode { Ssa::Definition def; @@ -1581,6 +1672,8 @@ predicate jumpStep(Node pred, Node succ) { jrk.getTarget() = call.getATarget(_) and succ = getAnOutNode(call, jrk.getTargetReturnKind()) ) + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ) } private class StoreStepConfiguration extends ControlFlowReachabilityConfiguration { @@ -1945,8 +2038,8 @@ private module PostUpdateNodes { ExprPostUpdateNode() { this = TExprPostUpdateNode(cfn) } override ExprNode getPreUpdateNode() { - // For compund arguments, such as `m(b ? x : y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compund argument, + // For compound arguments, such as `m(b ? x : y)`, we want the leaf nodes + // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, // respectively. // diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index a70bffabfdb..f6520147e19 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -161,7 +161,7 @@ predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) } * local (intra-procedural) steps. */ pragma[inline] -predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } +predicate localExprFlow(DotNet::Expr e1, DotNet::Expr e2) { localFlow(exprNode(e1), exprNode(e2)) } /** * A data flow node that jumps between callables. This can be extended in diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index a13c7cd1224..275569b4c02 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -871,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -894,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll index 864fda40cf7..93cd70f63c2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll @@ -91,6 +91,12 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { ) } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { + exists(sg) and + result = Gvn::getGlobalValueNumber(any(ObjectType t)) +} + bindingset[provenance] private boolean isGenerated(string provenance) { provenance = "generated" and result = true diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll index 0655ffee6f9..9ff6888d6e4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll @@ -803,14 +803,14 @@ private module CapturedVariableImpl { * Holds if `c` is a relevant part of the call graph for * `updatesCapturedVariable` based on following edges in forward direction. */ - private predicate reachbleFromSource(Callable c) { + private predicate reachableFromSource(Callable c) { source(_, _, _, c, _) or - exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c)) + exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c)) } private predicate sink(Callable c, CapturedWrittenLocalScopeVariable captured) { - reachbleFromSource(c) and + reachableFromSource(c) and relevantDefinition(c, captured, _) } @@ -932,14 +932,14 @@ private module CapturedVariableLivenessImpl { * Holds if `c` is a relevant part of the call graph for * `readsCapturedVariable` based on following edges in forward direction. */ - private predicate reachbleFromSource(Callable c) { + private predicate reachableFromSource(Callable c) { source(_, _, _, c, _) or - exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c)) + exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c)) } private predicate sink(Callable c, CapturedReadLocalScopeVariable captured) { - reachbleFromSource(c) and + reachableFromSource(c) and capturerReads(c, captured) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll index 77a21025840..6d5443d480b 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/Steps.qll @@ -53,12 +53,12 @@ module Steps { private predicate flowIn(Parameter p, Expr pred, AssignableRead succ) { exists(AssignableDefinitions::ImplicitParameterDefinition def, Call c | succ = getARead(def) | - pred = getArgumentForOverridderParameter(c, p) and + pred = getArgumentForOverriderParameter(c, p) and p.getUnboundDeclaration() = def.getParameter() ) } - private Expr getArgumentForOverridderParameter(Call call, Parameter p) { + private Expr getArgumentForOverriderParameter(Call call, Parameter p) { exists(Parameter base, Callable callable | result = call.getArgumentForParameter(base) | base = callable.getAParameter() and isOverriderParameter(callable, p, base.getPosition()) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index ec29d704248..4f823907f94 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -26,13 +26,14 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } bindingset[node] predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() } -private CIL::DataFlowNode asCilDataFlowNode(DataFlow::Node node) { - result = node.asParameter() or - result = node.asExpr() +private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) { + src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or + src = sink.(CIL::Opcodes::Neg).getOperand() or + src = sink.(CIL::UnaryBitwiseOperation).getOperand() } private predicate localTaintStepCil(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - asCilDataFlowNode(nodeFrom).getALocalFlowSucc(asCilDataFlowNode(nodeTo), any(CIL::Tainted t)) + localCilTaintStep(asCilDataFlowNode(nodeFrom), asCilDataFlowNode(nodeTo)) } private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityConfiguration { diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll index 9d7cf3a5867..3e3c8ca79e8 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll @@ -174,7 +174,9 @@ class VariableAccess extends AssignableAccess, @variable_access_expr { class VariableRead extends VariableAccess, AssignableRead { override VariableRead getANextRead() { result = AssignableRead.super.getANextRead() } - override VariableRead getAReachableRead() { result = AssignableRead.super.getAReachableRead() } + deprecated override VariableRead getAReachableRead() { + result = AssignableRead.super.getAReachableRead() + } } /** @@ -200,7 +202,7 @@ class LocalScopeVariableAccess extends VariableAccess, @local_scope_variable_acc class LocalScopeVariableRead extends LocalScopeVariableAccess, VariableRead { override LocalScopeVariableRead getANextRead() { result = VariableRead.super.getANextRead() } - override LocalScopeVariableRead getAReachableRead() { + deprecated override LocalScopeVariableRead getAReachableRead() { result = VariableRead.super.getAReachableRead() } } @@ -242,7 +244,7 @@ class ParameterAccess extends LocalScopeVariableAccess, @parameter_access_expr { class ParameterRead extends ParameterAccess, LocalScopeVariableRead { override ParameterRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() } - override ParameterRead getAReachableRead() { + deprecated override ParameterRead getAReachableRead() { result = LocalScopeVariableRead.super.getAReachableRead() } } @@ -297,7 +299,7 @@ class LocalVariableAccess extends LocalScopeVariableAccess, @local_variable_acce class LocalVariableRead extends LocalVariableAccess, LocalScopeVariableRead { override LocalVariableRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() } - override LocalVariableRead getAReachableRead() { + deprecated override LocalVariableRead getAReachableRead() { result = LocalScopeVariableRead.super.getAReachableRead() } } @@ -442,7 +444,9 @@ class PropertyAccess extends AssignableMemberAccess, PropertyAccessExpr { class PropertyRead extends PropertyAccess, AssignableRead { override PropertyRead getANextRead() { result = AssignableRead.super.getANextRead() } - override PropertyRead getAReachableRead() { result = AssignableRead.super.getAReachableRead() } + deprecated override PropertyRead getAReachableRead() { + result = AssignableRead.super.getAReachableRead() + } } /** @@ -581,7 +585,9 @@ class IndexerAccess extends AssignableMemberAccess, ElementAccess, IndexerAccess class IndexerRead extends IndexerAccess, ElementRead { override IndexerRead getANextRead() { result = ElementRead.super.getANextRead() } - override IndexerRead getAReachableRead() { result = ElementRead.super.getAReachableRead() } + deprecated override IndexerRead getAReachableRead() { + result = ElementRead.super.getAReachableRead() + } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll index 0ae16bb5065..a23da710465 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/BitwiseOperation.qll @@ -74,7 +74,7 @@ class BitwiseOrExpr extends BinaryBitwiseOperation, @bit_or_expr { } /** - * A bitwise exlusive-or operation, for example `x ^ y`. + * A bitwise exclusive-or operation, for example `x ^ y`. */ class BitwiseXorExpr extends BinaryBitwiseOperation, @bit_xor_expr { override string getOperator() { result = "^" } diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll index 1aa67410c59..edd7aa3932d 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Call.qll @@ -417,7 +417,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr { } /** - * Holds if this initialier is a `this` initializer, for example `this(0)` + * Holds if this initializer is a `this` initializer, for example `this(0)` * in * * ```csharp @@ -431,7 +431,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr { predicate isThis() { this.getTargetType() = this.getConstructorType() } /** - * Holds if this initialier is a `base` initializer, for example `base(0)` + * Holds if this initializer is a `base` initializer, for example `base(0)` * in * * ```csharp diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll index b999dfbc0e7..2f090d3fd06 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll @@ -389,7 +389,7 @@ class ArrayCreation extends Expr, @array_creation_expr { /** Holds if this array creation has an initializer. */ predicate hasInitializer() { exists(this.getInitializer()) } - /** Gets the array initializer of this array cration, if any. */ + /** Gets the array initializer of this array creation, if any. */ ArrayInitializer getInitializer() { result = this.getChild(-1) } /** Holds if the type of the created array is inferred from its initializer. */ diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll index 87fbcb8c3a9..03a24b37345 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll @@ -192,7 +192,7 @@ class Operation extends Expr, @op_expr { } /** - * A unary operation. Either a unary arithemtic operation + * A unary operation. Either a unary arithmetic operation * (`UnaryArithmeticOperation`), a unary bitwise operation * (`UnaryBitwiseOperation`), a `sizeof` operation (`SizeofExpr`), a pointer * indirection operation (`PointerIndirectionExpr`), an address-of operation @@ -206,7 +206,7 @@ class UnaryOperation extends Operation, @un_op { } /** - * A binary operation. Either a binary arithemtic operation + * A binary operation. Either a binary arithmetic operation * (`BinaryArithmeticOperation`), a binary bitwise operation * (`BinaryBitwiseOperation`), a comparison operation (`ComparisonOperation`), * or a binary logical operation (`BinaryLogicalOperation`). @@ -776,7 +776,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr { * struct A { * public void M() { } * - * unsafe int DirectDerefence() { + * unsafe int DirectDereference() { * int n = 10; * int *pn = &n; * return *pn; @@ -788,7 +788,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr { * pa->M(); * } * - * unsafe void ArrayDerefence() { + * unsafe void ArrayDereference() { * char* cp = stackalloc char[10]; * cp[1] = 'a'; * } @@ -813,7 +813,7 @@ class PointerIndirectionExpr extends UnaryOperation, @pointer_indirection_expr { * * ```csharp * class A { - * unsafe int DirectDerefence() { + * unsafe int DirectDereference() { * int n = 10; * int *pn = &n; * return *pn; diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll index 54fa60e03f2..373194ef366 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll @@ -71,6 +71,20 @@ class FormatMethod extends Method { } } +pragma[nomagic] +private predicate parameterReadPostDominatesEntry(ParameterRead pr) { + pr.getAControlFlowNode().postDominates(pr.getEnclosingCallable().getEntryPoint()) and + getParameterType(pr.getTarget()) instanceof ObjectType +} + +pragma[nomagic] +private predicate alwaysPassedToFormatItemParameter(ParameterRead pr) { + pr = any(StringFormatItemParameter other).getAnAssignedArgument() and + parameterReadPostDominatesEntry(pr) + or + alwaysPassedToFormatItemParameter(pr.getANextRead()) +} + /** * A parameter that is used as a format item for `string.Format()`. Either a * format item parameter of `string.Format()`, or a parameter of a method that @@ -85,15 +99,9 @@ class StringFormatItemParameter extends Parameter { ) or // Parameter of a source method that forwards to `string.Format()` - exists( - AssignableDefinitions::ImplicitParameterDefinition def, ParameterRead pr, - StringFormatItemParameter other - | + exists(AssignableDefinitions::ImplicitParameterDefinition def | def.getParameter() = this and - pr = def.getAReachableRead() and - pr.getAControlFlowNode().postDominates(this.getCallable().getEntryPoint()) and - other.getAnAssignedArgument() = pr and - getParameterType(this) instanceof ObjectType + alwaysPassedToFormatItemParameter(def.getAFirstRead()) ) } } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 652ec19a86a..297ae087e23 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -1243,7 +1243,7 @@ predicate implementsDispose(ValueOrRefType t) { getInvokedDisposeMethod(t).getDe /** * Gets the dispose method that will be invoked on a value `x` - * of type `t` when `x.Dipsose()` is called. + * of type `t` when `x.Dispose()` is called. * * Either the dispose method is (an override of) `IDisposable.Dispose()`, * or an implementation of a method `Dispose(bool)` which is called diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll index aaed35ef73f..d9624b60dcc 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll @@ -416,7 +416,7 @@ class MicrosoftAspNetCoreBuilderEndpointRouteBuilderExtensions extends Class { /** Gets the `MapDelete` extension method. */ Method getMapDeleteMethod() { result = this.getAMethod("MapDelete") } - /** Get a `Map` like extenion methods. */ + /** Get a `Map` like extension methods. */ Method getAMapMethod() { result = [ diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll index 3a02ded5edd..9cddf3e428b 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll @@ -20,7 +20,7 @@ class SystemSecurityCryptographyClass extends Class { } /** Data flow for `System.Security.Cryptography.AsnEncodedDataCollection`. */ -private class SystemSecurityCryptographyAsnEncondedDataCollectionFlowModelCsv extends SummaryModelCsv { +private class SystemSecurityCryptographyAsnEncodedDataCollectionFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = [ diff --git a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll index e885fdb2778..53fe605b963 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll @@ -130,7 +130,7 @@ module XmlSettings { | not isSafeDtdSetting(dtdVal) and evidence = dtdVal ) and - reason = "DTD procesing enabled in settings" + reason = "DTD processing enabled in settings" or not exists(getAValueForProp(creation, "ProhibitDtd")) and reason = "DTD processing is enabled by default in versions before 4.0" and diff --git a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql index abb962449b9..3349ee93251 100644 --- a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql +++ b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql @@ -22,12 +22,22 @@ private class DisposeCall extends MethodCall { DisposeCall() { this.getTarget() instanceof DisposeMethod } } -private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - DataFlow::localFlowStep(nodeFrom, nodeTo) and - not exists(AssignableDefinition def, UsingStmt us | - nodeTo.asExpr() = def.getAReachableRead() and +pragma[nomagic] +private predicate isDisposedAccess(AssignableRead ar) { + exists(AssignableDefinition def, UsingStmt us | + ar = def.getAFirstRead() and def.getTargetAccess() = us.getAVariableDeclExpr().getAccess() ) + or + exists(AssignableRead mid | + isDisposedAccess(mid) and + ar = mid.getANextRead() + ) +} + +private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + DataFlow::localFlowStep(nodeFrom, nodeTo) and + not isDisposedAccess(nodeTo.asExpr()) } private predicate reachesDisposeCall(DisposeCall disposeCall, DataFlow::Node node) { diff --git a/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp b/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp index bac228017c8..2d0c1849914 100644 --- a/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp +++ b/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.qhelp @@ -18,7 +18,7 @@ more difficult to change which implementation you are using at a later date.

    -
  • C# Corner, C# Interface Based Development.
    • +
  • C# Corner, C# Interface Based Development.
    •  diff --git a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs index 9e4673c9e0a..33eb8363b87 100644 --- a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs +++ b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.cs @@ -5,7 +5,7 @@ class Circle { return Math.Pow(radius, 2) * 3.14; } - public double circumfrence() + public double circumference() { return radius * 2 * 3.14; } diff --git a/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs b/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs index 1d2b9dc7f2e..218d0a1ba11 100644 --- a/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs +++ b/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.cs @@ -6,7 +6,7 @@ class Circle { return Math.Pow(radius, 2) * 3.14; // BAD: use the "Pi" constant } - public double circumfrence() + public double circumference() { return radius * 2 * 3.14; // BAD: use the "Pi" constant } diff --git a/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp b/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp index e1d6f9d5f9f..5e52142c84e 100644 --- a/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp +++ b/csharp/ql/src/Likely Bugs/ConstantComparison.qhelp @@ -5,7 +5,7 @@

    Comparisons which always yield the same result are unnecessary and may indicate a bug in the - logic. This can can happen when the data type of one of the operands has a limited range of values. + logic. This can happen when the data type of one of the operands has a limited range of values. For example unsigned integers are always greater than or equal to zero, and byte values are always less than 256.

    diff --git a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp index a2000deb2d5..c77c656a655 100644 --- a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp +++ b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.qhelp @@ -9,7 +9,7 @@

    -

    Use speific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar

    +

    Use specific era when creating DateTime and DateTimeOffset structs from previously stored date in Japanese calendar

    Don't store dates in Japanese format

    Don't use hard-coded era start date for date calculations converting dates from Japanese date format

    Use JapaneseCalendar class for date formatting only

    diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp index 1ccdceb7412..325a4531afe 100644 --- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp +++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.qhelp @@ -6,7 +6,7 @@     -

    Create new instances of the object that implements or has a field of type System.Security.Cryptography.ICryptoTransform to avoid sharing it accross multiple threads.

    +

    Create new instances of the object that implements or has a field of type System.Security.Cryptography.ICryptoTransform to avoid sharing it across multiple threads.

     diff --git a/csharp/ql/src/Security Features/Encryption using ECB.qhelp b/csharp/ql/src/Security Features/Encryption using ECB.qhelp index 0315813d7bc..db66106f834 100644 --- a/csharp/ql/src/Security Features/Encryption using ECB.qhelp +++ b/csharp/ql/src/Security Features/Encryption using ECB.qhelp @@ -4,7 +4,7 @@

    ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time -meaning the same plaintext input will always produce the same cyphertext. This makes encrypted messages vulnerable +meaning the same plaintext input will always produce the same ciphertext. This makes encrypted messages vulnerable to replay attacks.

     diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll index 685eda64e50..d4cc0ae43cc 100644 --- a/csharp/ql/src/Telemetry/ExternalApi.qll +++ b/csharp/ql/src/Telemetry/ExternalApi.qll @@ -17,8 +17,10 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote class TestLibrary extends RefType { TestLibrary() { this.getNamespace() - .getName() - .matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"]) + .getQualifiedName() + .matches([ + "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%" + ]) } } @@ -114,29 +116,39 @@ class ExternalApi extends DotNet::Callable { int resultLimit() { result = 1000 } /** - * Holds if the relevant usage count of `api` is `usages`. + * Holds if it is relevant to count usages of `api`. */ -signature predicate relevantUsagesSig(ExternalApi api, int usages); +signature predicate relevantApi(ExternalApi api); /** * Given a predicate to count relevant API usages, this module provides a predicate * for restricting the number or returned results based on a certain limit. */ -module Results { - private int getOrder(ExternalApi api) { - api = - rank[result](ExternalApi a, int usages | - getRelevantUsages(a, usages) +module Results { + private int getUsages(string apiInfo) { + result = + strictcount(DispatchCall c, ExternalApi api | + c = api.getACall() and + apiInfo = api.getInfo() and + getRelevantUsages(api) + ) + } + + private int getOrder(string apiInfo) { + apiInfo = + rank[result](string info, int usages | + usages = getUsages(info) | - a order by usages desc, a.getInfo() + info order by usages desc, info ) } /** - * Holds if `api` is being used `usages` times and if it is - * in the top results (guarded by resultLimit). + * Holds if there exists an API with `apiInfo` that is being used `usages` times + * and if it is in the top results (guarded by resultLimit). */ - predicate restrict(ExternalApi api, int usages) { - getRelevantUsages(api, usages) and getOrder(api) <= resultLimit() + predicate restrict(string apiInfo, int usages) { + usages = getUsages(apiInfo) and + getOrder(apiInfo) <= resultLimit() } } diff --git a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql index 74d36bc4cec..4eb42c4628f 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSink() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.isSink() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/SupportedExternalSources.ql b/csharp/ql/src/Telemetry/SupportedExternalSources.ql index 9e57adb9b22..0d0b38a4754 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalSources.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalSources.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSource() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.isSource() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql index 5e8a816b3f6..3eccf73b58b 100644 --- a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql +++ b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql @@ -10,12 +10,11 @@ private import csharp private import semmle.code.csharp.dispatch.Dispatch private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.hasSummary() and - usages = strictcount(DispatchCall c | c = api.getACall()) + api.hasSummary() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql index 69b8793abc1..4823a4e2dbc 100644 --- a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -12,13 +12,12 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma private import semmle.code.csharp.dataflow.internal.NegativeSummary private import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and not api.isSupported() and - not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and - usages = strictcount(DispatchCall c | c = api.getACall()) + not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getInfo() as info, usages order by usages desc +from string info, int usages +where Results::restrict(info, usages) +select info, usages order by usages desc diff --git a/csharp/ql/src/Useless code/DefaultToStringQuery.qll b/csharp/ql/src/Useless code/DefaultToStringQuery.qll index 9ba8be009da..9185756b0a9 100644 --- a/csharp/ql/src/Useless code/DefaultToStringQuery.qll +++ b/csharp/ql/src/Useless code/DefaultToStringQuery.qll @@ -6,6 +6,7 @@ import semmle.code.csharp.frameworks.System * Holds if expression `e`, of type `t`, invokes `ToString()` either explicitly * or implicitly. */ +pragma[nomagic] predicate invokesToString(Expr e, ValueOrRefType t) { // Explicit invocation exists(MethodCall mc | mc.getQualifier() = e | @@ -20,20 +21,24 @@ predicate invokesToString(Expr e, ValueOrRefType t) { // Implicit invocation via forwarder method t = e.stripCasts().getType() and not t instanceof StringType and - exists(Parameter p | - alwaysInvokesToStringOnParameter(p) and + exists(AssignableDefinitions::ImplicitParameterDefinition def, Parameter p | + def.getParameter() = p and + alwaysInvokesToString(def.getAFirstRead()) and e = p.getAnAssignedArgument() ) } -pragma[noinline] -private predicate alwaysInvokesToStringOnParameter(Parameter p) { - exists(AssignableDefinitions::ImplicitParameterDefinition def, ParameterRead pr | - def.getParameter() = p and - pr = def.getAReachableRead() and - pr.getAControlFlowNode().postDominates(p.getCallable().getEntryPoint()) and - invokesToString(pr, _) - ) +pragma[nomagic] +private predicate parameterReadPostDominatesEntry(ParameterRead pr) { + pr.getAControlFlowNode().postDominates(pr.getEnclosingCallable().getEntryPoint()) +} + +pragma[nomagic] +private predicate alwaysInvokesToString(ParameterRead pr) { + parameterReadPostDominatesEntry(pr) and + invokesToString(pr, _) + or + alwaysInvokesToString(pr.getANextRead()) } /** diff --git a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs index bee97118ea8..0810516ee40 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs +++ b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.cs @@ -17,7 +17,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); @@ -28,7 +28,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); @@ -39,6 +39,6 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions { KeyEncryptionKey = myKey, KeyResolver = myKeyResolver, - KeyWrapAlgorihm = myKeyWrapAlgorithm + KeyWrapAlgorithm = myKeyWrapAlgorithm } }); \ No newline at end of file diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql index cfc745e5314..9c2a5d3983f 100644 --- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql +++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql @@ -1,6 +1,6 @@ /** * @name Security sensitive JsonWebTokenHandler validations are disabled - * @description Check if secruity sensitive token validations for `JsonWebTokenHandler` are being disabled. + * @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled. * @kind problem * @tags security * JsonWebTokenHandler diff --git a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql index cc900c745b4..9de38f673ab 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql @@ -61,7 +61,7 @@ class DateTimeStruct extends Struct { /** * holds if the Callable is used for DateTime arithmetic operations */ - Callable getATimeSpanArtithmeticCallable() { + Callable getATimeSpanArithmeticCallable() { (result = this.getAnOperator() or result = this.getAMethod()) and result.getName() in [ "Add", "AddDays", "AddHours", "AddMilliseconds", "AddMinutes", "AddMonths", "AddSeconds", @@ -96,7 +96,7 @@ private class FlowsFromGetLastWriteTimeConfigToTimeSpanArithmeticCallable extend override predicate isSink(DataFlow::Node sink) { exists(Call call, DateTimeStruct dateTime | call.getAChild*() = sink.asExpr() and - call = dateTime.getATimeSpanArtithmeticCallable().getACall() + call = dateTime.getATimeSpanArithmeticCallable().getACall() ) } } @@ -111,7 +111,7 @@ private class FlowsFromTimeSpanArithmeticToTimeComparisonCallable extends TaintT override predicate isSource(DataFlow::Node source) { exists(DateTimeStruct dateTime, Call call | source.asExpr() = call | - call = dateTime.getATimeSpanArtithmeticCallable().getACall() + call = dateTime.getATimeSpanArithmeticCallable().getACall() ) } @@ -157,7 +157,7 @@ predicate isPotentialTimeBomb( | pathSource.getNode() = exprNode(getLastWriteTimeMethodCall) and config1.hasFlow(exprNode(getLastWriteTimeMethodCall), sink) and - timeArithmeticCall = dateTime.getATimeSpanArtithmeticCallable().getACall() and + timeArithmeticCall = dateTime.getATimeSpanArithmeticCallable().getACall() and timeArithmeticCall.getAChild*() = sink.asExpr() and config2.hasFlow(exprNode(timeArithmeticCall), sink2) and timeComparisonCall = dateTime.getAComparisonCallable().getACall() and diff --git a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll index 7fc54f80b80..4c5ab431dd5 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll @@ -512,7 +512,7 @@ abstract class TranslatedElement extends TTranslatedElement { /** * If the instruction specified by `tag` has a result of type `UnknownType`, - * gets the size of the result in bytes. If the result does not have a knonwn + * gets the size of the result in bytes. If the result does not have a known * constant size, this predicate does not hold. */ int getInstructionResultSize(InstructionTag tag) { none() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll index d95a73e4e42..1afc48d0409 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll @@ -403,7 +403,7 @@ class TranslatedGeneralCatchClause extends TranslatedClause { /** * The IR translation of a throw statement that throws an exception, - * as oposed to just rethrowing one. + * as opposed to just rethrowing one. */ class TranslatedThrowExceptionStmt extends TranslatedStmt, InitializationContext { override ThrowStmt stmt; diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll index 8e863ddf635..7afe954023b 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll @@ -742,7 +742,7 @@ class NoOpInstruction extends Instruction { * The `ReturnInstruction` for a function will have a control-flow successor edge to a block * containing the `ExitFunction` instruction for that function. * - * There are two differet return instructions: `ReturnValueInstruction`, for returning a value from + * There are two different return instructions: `ReturnValueInstruction`, for returning a value from * a non-`void`-returning function, and `ReturnVoidInstruction`, for returning from a * `void`-returning function. */ @@ -1331,7 +1331,7 @@ class CheckedConvertOrThrowInstruction extends UnaryInstruction { * * If the operand holds a null address, the result is a null address. * - * This instruction is used to represent `dyanmic_cast` in C++, which returns the pointer to + * This instruction is used to represent `dynamic_cast` in C++, which returns the pointer to * the most-derived object. */ class CompleteObjectAddressInstruction extends UnaryInstruction { diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index d65ee10f402..efc927a05e6 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -64,7 +64,7 @@ private module Cached { or instr = reusedPhiInstruction(_) and // Check that the phi instruction is *not* degenerate, but we can't use - // getDegeneratePhiOperand in the first stage with phi instyructions + // getDegeneratePhiOperand in the first stage with phi instructions not exists( unique(OldIR::PhiInputOperand operand | operand = instr.(OldIR::PhiInstruction).getAnInputOperand() and @@ -718,7 +718,7 @@ module DefUse { } /** - * Gets the rank index of a hyphothetical use one instruction past the end of + * Gets the rank index of a hypothetical use one instruction past the end of * the block. This index can be used to determine if a definition reaches the * end of the block, even if the definition is the last instruction in the * block. diff --git a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql index 1b19740e3ae..6332dfc515c 100644 --- a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql +++ b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql @@ -1,6 +1,6 @@ /** * @name Usage of unsupported external library API - * @description A call to an unsuppported external library API. + * @description A call to an unsupported external library API. * @kind problem * @problem.severity recommendation * @tags meta diff --git a/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll b/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll index 82c6fbd1bbb..82ac94c8fc4 100644 --- a/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/model-generator/internal/CaptureModels.qll @@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) { * A TaintTracking Configuration used for tracking flow through APIs. * The sources are the parameters of the API and the fields of the enclosing type. * - * This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field) + * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) * into an existing known sink (then the API itself becomes a sink). */ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific { diff --git a/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll b/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll index 3b0a33336c0..bd8b227e76f 100644 --- a/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll +++ b/csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll @@ -131,7 +131,7 @@ private CS::Parameter getParameter(DataFlowImplCommon::ReturnNodeExt node, Param } /** - * Gets the CSV string represention of the the return node `node`. + * Gets the CSV string representation of the the return node `node`. */ string returnNodeAsOutput(DataFlowImplCommon::ReturnNodeExt node) { if node.getKind() instanceof DataFlowImplCommon::ValueReturnKind diff --git a/docs/codeql/codeql-cli/creating-codeql-query-suites.rst b/docs/codeql/codeql-cli/creating-codeql-query-suites.rst index c65e1c42ad4..b95412a6dc2 100644 --- a/docs/codeql/codeql-cli/creating-codeql-query-suites.rst +++ b/docs/codeql/codeql-cli/creating-codeql-query-suites.rst @@ -359,20 +359,6 @@ definition using ``query compile``, or use the queries in an analysis using ``database analyze``. For more information about analyzing CodeQL databases, see ":doc:`Analyzing databases with the CodeQL CLI `." -Viewing the query suites used on LGTM.com ------------------------------------------ - -The query suite definitions used to select queries to run on LGTM.com can be -found in the CodeQL repository. For example, to view the CodeQL queries for -JavaScript, visit -https://github.com/github/codeql/tree/main/javascript/ql/src/codeql-suites. - -These suite definitions apply reusable filter patterns to the queries -located in the standard CodeQL packs for each supported language. For more -information, see the `suite-helpers -`__ in the CodeQL -repository. - Further reading --------------- diff --git a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst index b3ad59da2b5..af2fc646e95 100644 --- a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst @@ -143,6 +143,7 @@ up to create and analyze databases: - ``codeql/cpp-queries`` - ``codeql/csharp-queries`` + - ``codeql/go-queries`` - ``codeql/java-queries`` - ``codeql/javascript-queries`` - ``codeql/python-queries`` @@ -210,13 +211,9 @@ see ":doc:`About CodeQL packs `." There are different versions of the CodeQL queries available for different users. Check out the correct version for your use case: - - For the queries used on `LGTM.com `__, check out the - ``lgtm.com`` branch. You should use this branch for databases you've built - using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from LGTM.com. - The queries on the ``lgtm.com`` branch are more likely to be compatible - with the ``latest`` CLI, so you'll be less likely to have to upgrade - newly-created databases than if you use the ``main`` branch. Older databases - may need to be upgraded before you can analyze them. + - For the queries that are intended to be used with the latest CodeQL CLI release, check out the + branch tagged ``codeql-cli/latest``. You should use this branch for databases you've built + using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from GitHub.com. - For the most up to date CodeQL queries, check out the ``main`` branch. This branch represents the very latest version of CodeQL's analysis. @@ -268,7 +265,7 @@ Using two versions of the CodeQL CLI If you want to use the latest CodeQL features to execute queries or CodeQL tests, but also want to prepare databases that are compatible with a specific version of -LGTM Enterprise, you may need to install two versions of the CLI. The +CodeQL code scanning on GitHub Enterprise Server, you may need to install two versions of the CLI. The recommended directory setup depends on which versions you want to install: - If both versions are 2.0.2 (or newer), you can unpack both CLI archives in the diff --git a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst index 5592992373b..f120518bd3f 100644 --- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst @@ -21,7 +21,7 @@ You can install the CodeQL extension using any of the normal methods for install * Go to the `Visual Studio Code Marketplace `__ in your browser and click **Install**. * In the Extensions view (**Ctrl+Shift+X** or **Cmd+Shift+X**), search for ``CodeQL``, then select **Install**. -* Download the `CodeQL VSIX file `__. Then, in the Extensions view, click **More actions** > **Install from VSIX**, and select the CodeQL VSIX file. +* Download the `CodeQL VSIX file `__. Then, in the Extensions view, click the ellipsis representing the **Views and More Actions...** menu, select **Install from VSIX**, then select the CodeQL VSIX file. Configuring access to the CodeQL CLI ------------------------------------ diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst index ad6ecdb591c..7db0028eb03 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst @@ -1,4 +1,4 @@ -.. codeql-library-for-ruby: +.. _codeql-library-for-ruby: CodeQL library for Ruby ======================= diff --git a/docs/codeql/ql-language-reference/expressions.rst b/docs/codeql/ql-language-reference/expressions.rst index eb1907b1a2c..2091c7628a3 100644 --- a/docs/codeql/ql-language-reference/expressions.rst +++ b/docs/codeql/ql-language-reference/expressions.rst @@ -571,7 +571,7 @@ If there had been two different prices for apples too, the monotonic Charles wants to buy a banana, which is not for sale at all. In the default case, the sum produced for Charles includes the cost of the -apple he *can* buy, but there's no line for Charles in the monontonic +apple he *can* buy, but there's no line for Charles in the monotonic ``sum`` output, because there *is no way* for Charles to buy one apple plus one banana. @@ -586,7 +586,7 @@ case: As long as there's no price for bananas, no output is produced for him. This means that if we later do learn of a banana price, we don't need to *remove* any output tuple already produced. The importance of this is that the monotonic aggregate behavior works well -with a fixpoint-based semantics for recursion, so it will be meaningul +with a fixpoint-based semantics for recursion, so it will be meaningful to let the ``getPrice`` predicate be mutually recursive with the count aggregate itself. (On the other hand, ``getFruit`` still cannot be allowed to be recursive, because adding another fruit to someone's diff --git a/docs/codeql/ql-language-reference/signatures.rst b/docs/codeql/ql-language-reference/signatures.rst index f7f08eaf3d6..619ed2c0ff5 100644 --- a/docs/codeql/ql-language-reference/signatures.rst +++ b/docs/codeql/ql-language-reference/signatures.rst @@ -22,8 +22,8 @@ Predicate signatures are defined much like predicates themselves, but they do no In detail, a predicate signature definition consists of: #. The keyword ``signature``. -#. The keyword ``predicate`` (allows subsitution with a :ref:`predicate without result `), - or the type of the result (allows subsitution with a :ref:`predicate with result `). +#. The keyword ``predicate`` (allows substitution with a :ref:`predicate without result `), + or the type of the result (allows substitution with a :ref:`predicate with result `). #. The name of the predicate signature. This is an `identifier `_ starting with a lowercase letter. #. The arguments to the predicate signature, if any, separated by commas. diff --git a/docs/codeql/support/reusables/frameworks.rst b/docs/codeql/support/reusables/frameworks.rst index fc5410648cf..b83b26f486a 100644 --- a/docs/codeql/support/reusables/frameworks.rst +++ b/docs/codeql/support/reusables/frameworks.rst @@ -221,11 +221,17 @@ and the CodeQL library pack ``codeql/python-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/ruby-all`` (`changelog `__, `source `__). + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + + Name, Category + excon, HTTP client + faraday, HTTP client + http_client, HTTP client + httparty, HTTP client + libxml-ruby, XML processing library + nokogiri, XML processing library + open-uri, HTTP client + posix-spawn, Utility library + rest-client, HTTP client + Ruby on Rails, Web framework + rubyzip, Compression library + typhoeus, HTTP client + diff --git a/docs/codeql/support/reusables/versions-compilers.rst b/docs/codeql/support/reusables/versions-compilers.rst index fbf6b67ffb6..797c9980e0a 100644 --- a/docs/codeql/support/reusables/versions-compilers.rst +++ b/docs/codeql/support/reusables/versions-compilers.rst @@ -22,7 +22,7 @@ Eclipse compiler for Java (ECJ) [5]_",``.java`` JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [6]_" Python [7]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10",Not applicable,``.py`` - Ruby [8]_,"up to 3.0.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + Ruby [8]_,"up to 3.1",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" TypeScript [9]_,"2.6-4.8",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group diff --git a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst index 61d81bf6f3e..6dc9c126cec 100644 --- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst @@ -47,15 +47,14 @@ Query metadata Query metadata is used to identify your custom queries when they are added to the GitHub repository or used in your analysis. Metadata provides information about the query's purpose, and also specifies how to interpret and display the query results. For a full list of metadata properties, see ":doc:`Metadata for CodeQL queries `." The exact metadata requirement depends on how you are going to run your query: - If you are contributing a query to the GitHub repository, please read the `query metadata style guide `__. -- If you are adding a custom query to a query pack for analysis using LGTM , see `Writing custom queries to include in LGTM analysis `__. - If you are analyzing a database using the :ref:`CodeQL CLI `, your query metadata must contain ``@kind``. -- If you are running a query in the query console on LGTM or with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see `Using the query console `__ on LGTM.com and ":ref:`Analyzing your projects `" in the CodeQL for VS Code help. +- If you are running a query with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see ":ref:`Analyzing your projects `" in the CodeQL for VS Code help. .. pull-quote:: Note - Queries that are contributed to the open source repository, added to a query pack in LGTM, or used to analyze a database with the :ref:`CodeQL CLI ` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis: + Queries that are contributed to the open source repository, or used to analyze a database with the :ref:`CodeQL CLI ` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis: - Alert query metadata must contain ``@kind problem`` to identify the results as a simple alert. - Path query metadata must contain ``@kind path-problem`` to identify the results as an alert documented by a sequence of code locations. @@ -70,14 +69,16 @@ Import statements Each query generally contains one or more ``import`` statements, which define the :ref:`libraries ` or :ref:`modules ` to import into the query. Libraries and modules provide a way of grouping together related :ref:`types `, :ref:`predicates `, and other modules. The contents of each library or module that you import can then be accessed by the query. Our `open source repository on GitHub `__ contains the standard CodeQL libraries for each supported language. -When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying, using ``import`` followed by a language: +When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying. For more information about importing the standard CodeQL libraries, see the CodeQL library guides: -- C/C++: ``cpp`` -- C#: ``csharp`` -- Go: ``go`` -- Java: ``java`` -- JavaScript/TypeScript: ``javascript`` -- Python: ``python`` +- :ref:`CodeQL library guide for C and C++ ` +- :ref:`CodeQL library guide for C# ` +- :ref:`CodeQL library guide for Go ` +- :ref:`CodeQL library guide for Java ` +- :ref:`CodeQL library guide for JavaScript ` +- :ref:`CodeQL library guide for Python ` +- :ref:`CodeQL library guide for Ruby ` +- :ref:`CodeQL library guide for TypeScript ` There are also libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. For more information, see ":doc:`Creating path queries `." @@ -129,7 +130,7 @@ Contributing queries ******************** Contributions to the standard queries and libraries are very welcome. For more information, see our `contributing guidelines `__. -If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata: +If you are contributing a query to the open source GitHub repository or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata: - ":doc:`Metadata for CodeQL queries `" - `Query metadata style guide on GitHub `__ diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index c41b67d427c..3be8823470c 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -18,7 +18,7 @@ This topic provides information on how to structure a path query file so you can Note - The alerts generated by path queries are displayed by default in `LGTM `__ and included in the results generated using the :ref:`CodeQL CLI `. You can also view the path explanations generated by your path query `directly in LGTM `__ or in the CodeQL :ref:`extension for VS Code `. + The alerts generated by path queries are included in the results generated using the :ref:`CodeQL CLI ` and in `code scanning `__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code `. To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis `." @@ -155,7 +155,7 @@ Select clauses for path queries consist of four 'columns', with the following st select element, source, sink, string The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries `." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query. -Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in LGTM or in the :ref:`CodeQL extension for VS Code `. +Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code `. The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization. diff --git a/docs/codeql/writing-codeql-queries/query-help-files.rst b/docs/codeql/writing-codeql-queries/query-help-files.rst index 60c37fce84f..3dffae2185c 100644 --- a/docs/codeql/writing-codeql-queries/query-help-files.rst +++ b/docs/codeql/writing-codeql-queries/query-help-files.rst @@ -16,10 +16,7 @@ For more information about how to write useful query help in a style that is con You can access the query help for CodeQL queries by visiting `CodeQL query help `__. You can also access the raw query help files in the `GitHub repository `__. For example, see the `JavaScript security queries `__ and `C/C++ critical queries `__. - - For queries run by default on LGTM, there are several different ways to access the query help. For further information, see `Where do I see the query help for a query on LGTM? `__ in the LGTM user help. - - + Overview ======== diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp index 02fa1e6bc8d..ce4872fa66c 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp @@ -30,7 +30,7 @@ When the allow list contains only a single host key then the function Fixe -

    The following example shows the use of InsecureIgnoreHostKey and an insecure host key callback implemention commonly used in non-production code.

    +

    The following example shows the use of InsecureIgnoreHostKey and an insecure host key callback implementation commonly used in non-production code.

    diff --git a/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp b/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp index b641cbda184..ddbb4572eae 100644 --- a/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp +++ b/go/ql/src/experimental/CWE-321/HardcodedKeys.qhelp @@ -18,7 +18,7 @@

    - Generating a cryptograhically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability. + Generating a cryptographically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability.

    diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.qhelp b/go/ql/src/experimental/CWE-369/DivideByZero.qhelp index ae39d1df890..dc5cb2cf205 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.qhelp +++ b/go/ql/src/experimental/CWE-369/DivideByZero.qhelp @@ -18,7 +18,7 @@ possibly causing a divide-by-zero panic.

    -This can be fixed by testing the divisor against against zero: +This can be fixed by testing the divisor against zero:

    diff --git a/go/ql/src/experimental/CWE-918/SSRF.qhelp b/go/ql/src/experimental/CWE-918/SSRF.qhelp index 7eeeabb68f6..ea37350698e 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qhelp +++ b/go/ql/src/experimental/CWE-918/SSRF.qhelp @@ -14,7 +14,7 @@ server side request forgery attacks, where the attacker controls the request tar

    To guard against server side request forgery, it is advisable to avoid putting user input directly into a network request. If using user input is necessary, then it must be validated. It is recommended to only allow -user input consisting of alphanumeric characters. Simply URL-encoding other chracters is not always a solution, +user input consisting of alphanumeric characters. Simply URL-encoding other characters is not always a solution, for example because a downstream entity that is itself vulnerable may decode again before forwarding the request.

    diff --git a/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go b/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go index cac752dbcb2..5e6bf92ddcf 100644 --- a/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go +++ b/go/ql/test/experimental/CWE-942/CorsMisconfiguration.go @@ -120,7 +120,7 @@ func main() { } }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. responseHeader := w.Header() { origin := req.Header.Get("origin") @@ -137,7 +137,7 @@ func main() { }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { originSuffix := ".example.com" - // OK-ish: the input origin header is validated agains a suffix. + // OK-ish: the input origin header is validated against a suffix. origin := req.Header.Get("Origin") if origin != "" && (originSuffix == "" || strings.HasSuffix(origin, originSuffix)) { w.Header().Set("Access-Control-Allow-Origin", origin) @@ -152,7 +152,7 @@ func main() { }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { originSuffix := ".example.com" - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("Origin") if origin != "" && (originSuffix == "" || AccessControlAllowOrigins[origin]) { w.Header().Set("Access-Control-Allow-Origin", origin) @@ -166,7 +166,7 @@ func main() { } }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("origin") if origin != "" && origin != "null" { if len(AccessControlAllowOrigins) == 0 || AccessControlAllowOrigins[origin] { @@ -178,7 +178,7 @@ func main() { } }) // http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // // OK-ish: the input origin header is validated agains a whitelist. + // // OK-ish: the input origin header is validated against a whitelist. // origin := req.Header.Get("origin") // if origin != "" && origin != "null" { // if _, ok := AccessControlAllowOrigins[origin]; ok { @@ -190,7 +190,7 @@ func main() { // } // }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. if origin := req.Header.Get("Origin"); cors[origin] { w.Header().Set("Access-Control-Allow-Origin", origin) } else if len(origin) > 0 && cors["*"] { @@ -202,7 +202,7 @@ func main() { w.Header().Set("Access-Control-Allow-Credentials", "true") }) http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { - // OK-ish: the input origin header is validated agains a whitelist. + // OK-ish: the input origin header is validated against a whitelist. origin := req.Header.Get("origin") for _, v := range GetAllowOrigin() { if v == origin { diff --git a/go/ql/test/query-tests/Security/CWE-918/websocket.go b/go/ql/test/query-tests/Security/CWE-918/websocket.go index db613fe5fa5..328200770ae 100644 --- a/go/ql/test/query-tests/Security/CWE-918/websocket.go +++ b/go/ql/test/query-tests/Security/CWE-918/websocket.go @@ -96,7 +96,7 @@ func test() { http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { untrustedInput := r.Referer() - // good as input is tested againt regex + // good as input is tested against regex if m, _ := regexp.MatchString("ws://localhost:12345/*", untrustedInput); m { nhooyr.Dial(context.TODO(), untrustedInput, nil) } diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql new file mode 100644 index 00000000000..0d1c2f3514b --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/hasModifier.ql @@ -0,0 +1,19 @@ +class Modifier extends @modifier { + string toString() { none() } +} + +class TypeVariable extends @typevariable { + string toString() { none() } +} + +class Modified extends @modifiable { + Modified() { hasModifier(this, _) } + + string toString() { none() } +} + +from Modified m1, Modifier m2 +where + hasModifier(m1, m2) and + not m1 instanceof TypeVariable +select m1, m2 diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql new file mode 100644 index 00000000000..baa997f7fd8 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/modifiers.ql @@ -0,0 +1,11 @@ +class Modifier extends @modifier { + string toString() { none() } + + string getName() { modifiers(this, result) } +} + +from Modifier m, string s +where + s = m.getName() and + not s in ["in", "out", "reified"] +select m, m.getName() diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme new file mode 100644 index 00000000000..709f1d1fd04 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar | @typevariable; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme new file mode 100644 index 00000000000..ecb42310286 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar ; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties new file mode 100644 index 00000000000..0a7ee2789f5 --- /dev/null +++ b/java/downgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties @@ -0,0 +1,4 @@ +description: Remove type parameters from modifiable entities +compatibility: backwards +hasModifier.rel: run hasModifier.qlo +modifiers.rel: run modifiers.qlo diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java index dbe698d6759..b7b11912325 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java @@ -4,11 +4,16 @@ import java.lang.reflect.*; import java.io.File; import java.io.IOException; import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; import java.util.Enumeration; import java.util.HashMap; import java.util.LinkedHashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.zip.ZipEntry; import java.util.zip.ZipFile; @@ -29,6 +34,7 @@ import org.jetbrains.org.objectweb.asm.Opcodes; import com.semmle.util.concurrent.LockDirectory; import com.semmle.util.concurrent.LockDirectory.LockingMode; +import com.semmle.util.data.Pair; import com.semmle.util.exception.CatastrophicError; import com.semmle.util.exception.NestedError; import com.semmle.util.exception.ResourceError; @@ -43,6 +49,9 @@ import com.semmle.util.trap.dependencies.TrapSet; import com.semmle.util.trap.pathtransformers.PathTransformer; public class OdasaOutput { + // By default we use lockless TRAP writing, but this can be set + // if we want to use the old TRAP locking for any reason. + private final boolean use_trap_locking = Env.systemEnv().getBoolean("CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING", false); // either these are set ... private final File trapFolder; @@ -260,22 +269,59 @@ public class OdasaOutput { * Any unique suffix needed to distinguish `sym` from other declarations with the same name. * For functions for example, this means its parameter signature. */ - private TrapFileManager getMembersWriterForDecl(File trap, IrDeclaration sym, String signature) { - TrapClassVersion currVersion = TrapClassVersion.fromSymbol(sym, log); - String shortName = sym instanceof IrDeclarationWithName ? ((IrDeclarationWithName)sym).getName().asString() : "(name unknown)"; - if (trap.exists()) { - // Only re-write an existing trap file if we encountered a newer version of the same class. - TrapClassVersion trapVersion = readVersionInfo(trap); - if (!currVersion.isValid()) { - log.warn("Not rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); - } else if (currVersion.newerThan(trapVersion)) { - log.trace("Rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); - deleteTrapFileAndDependencies(sym, signature); + private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion, IrDeclaration sym, String signature) { + if (use_trap_locking) { + TrapClassVersion currVersion = TrapClassVersion.fromSymbol(sym, log); + String shortName = sym instanceof IrDeclarationWithName ? ((IrDeclarationWithName)sym).getName().asString() : "(name unknown)"; + if (trap.exists()) { + // Only re-write an existing trap file if we encountered a newer version of the same class. + TrapClassVersion trapVersion = readVersionInfo(trap); + if (!currVersion.isValid()) { + log.warn("Not rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); + } else if (currVersion.newerThan(trapVersion)) { + log.trace("Rewriting trap file for: " + shortName + " " + trapVersion + " " + currVersion + " " + trap); + deleteTrapFileAndDependencies(sym, signature); + } else { + return null; + } } else { - return null; + log.trace("Writing trap file for: " + shortName + " " + currVersion + " " + trap); } } else { - log.trace("Writing trap file for: " + shortName + " " + currVersion + " " + trap); + // If the TRAP file already exists then we + // don't need to write it. + if (trap.exists()) { + log.warn("Not rewriting trap file for " + trap.toString() + " as it exists"); + return null; + } + // If the TRAP file was written in the past, and + // then renamed to its trap-old name, then we + // don't need to rewrite it only to rename it + // again. + File trapFileDir = trap.getParentFile(); + File trapOld = new File(trapFileDir, trap.getName().replace(".trap.gz", ".trap-old.gz")); + if (trapOld.exists()) { + log.warn("Not rewriting trap file for " + trap.toString() + " as the trap-old exists"); + return null; + } + // Otherwise, if any newer TRAP file has already + // been written then we don't need to write + // anything. + if (trapFileBase != null && trapFileVersion != null && trapFileDir.exists()) { + String trapFileBaseName = trapFileBase.getName(); + + for (File f: FileUtil.list(trapFileDir)) { + String name = f.getName(); + Matcher m = selectClassVersionComponents.matcher(name); + if (m.matches() && m.group(1).equals(trapFileBaseName)) { + TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5)); + if (v.newerThan(trapFileVersion)) { + log.warn("Not rewriting trap file for " + trap.toString() + " as " + f.toString() + " exists"); + return null; + } + } + } + } } return trapWriter(trap, sym, signature); } @@ -328,19 +374,24 @@ public class OdasaOutput { } writeTrapDependencies(trapDependenciesForClass); - // Record major/minor version information for extracted class files. - // This is subsequently used to determine whether to re-extract (a newer version of) the same class. - File metadataFile = new File(trapFile.getAbsolutePath().replace(".trap.gz", ".metadata")); - try { - Map versionMap = new LinkedHashMap<>(); - TrapClassVersion tcv = TrapClassVersion.fromSymbol(sym, log); - versionMap.put(MAJOR_VERSION, String.valueOf(tcv.getMajorVersion())); - versionMap.put(MINOR_VERSION, String.valueOf(tcv.getMinorVersion())); - versionMap.put(LAST_MODIFIED, String.valueOf(tcv.getLastModified())); - versionMap.put(EXTRACTOR_NAME, tcv.getExtractorName()); - FileUtil.writePropertiesCSV(metadataFile, versionMap); - } catch (IOException e) { - log.warn("Could not save trap metadata file: " + metadataFile.getAbsolutePath(), e); + + // If we are using TRAP locking then we + // need to write a metadata file. + if (use_trap_locking) { + // Record major/minor version information for extracted class files. + // This is subsequently used to determine whether to re-extract (a newer version of) the same class. + File metadataFile = new File(trapFile.getAbsolutePath().replace(".trap.gz", ".metadata")); + try { + Map versionMap = new LinkedHashMap<>(); + TrapClassVersion tcv = TrapClassVersion.fromSymbol(sym, log); + versionMap.put(MAJOR_VERSION, String.valueOf(tcv.getMajorVersion())); + versionMap.put(MINOR_VERSION, String.valueOf(tcv.getMinorVersion())); + versionMap.put(LAST_MODIFIED, String.valueOf(tcv.getLastModified())); + versionMap.put(EXTRACTOR_NAME, tcv.getExtractorName()); + FileUtil.writePropertiesCSV(metadataFile, versionMap); + } catch (IOException e) { + log.warn("Could not save trap metadata file: " + metadataFile.getAbsolutePath(), e); + } } } private void writeTrapDependencies(TrapDependencies trapDependencies) { @@ -358,6 +409,8 @@ public class OdasaOutput { * Trap file locking. */ + private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap\\.gz"); + /** * CAUTION: to avoid the potential for deadlock between multiple concurrent extractor processes, * only one source file {@link TrapLocker} may be open at any time, and the lock must be obtained @@ -414,6 +467,10 @@ public class OdasaOutput { public class TrapLocker implements AutoCloseable { private final IrDeclaration sym; private final File trapFile; + // trapFileBase is used when doing lockless TRAP file writing. + // It is trapFile without the #metadata.trap.gz suffix. + private File trapFileBase = null; + private TrapClassVersion trapFileVersion = null; private final String signature; private TrapLocker(IrDeclaration decl, String signature) { this.sym = decl; @@ -422,7 +479,20 @@ public class OdasaOutput { log.error("Null symbol passed for Kotlin TRAP locker"); trapFile = null; } else { - trapFile = getTrapFileForDecl(sym, signature); + File normalTrapFile = getTrapFileForDecl(sym, signature); + if (use_trap_locking) { + trapFile = normalTrapFile; + } else { + // We encode the metadata into the filename, so that the + // TRAP filenames for different metadatas don't overlap. + trapFileVersion = TrapClassVersion.fromSymbol(sym, log); + String baseName = normalTrapFile.getName().replace(".trap.gz", ""); + // If a class has lots of inner classes, then we get lots of files + // in a single directory. This makes our directory listings later slow. + // To avoid this, rather than using files named .../Foo*, we use .../Foo/Foo*. + trapFileBase = new File(new File(normalTrapFile.getParentFile(), baseName), baseName); + trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap.gz"); + } } } private TrapLocker(File jarFile) { @@ -437,20 +507,83 @@ public class OdasaOutput { } public TrapFileManager getTrapFileManager() { if (trapFile!=null) { - lockTrapFile(trapFile); - return getMembersWriterForDecl(trapFile, sym, signature); + if (use_trap_locking) { + lockTrapFile(trapFile); + } + return getMembersWriterForDecl(trapFile, trapFileBase, trapFileVersion, sym, signature); } else { return null; } } + @Override public void close() { if (trapFile!=null) { try { - unlockTrapFile(trapFile); + if (use_trap_locking) { + unlockTrapFile(trapFile); + } } catch (NestedError e) { log.warn("Error unlocking trap file " + trapFile.getAbsolutePath(), e); } + + // If we are writing TRAP file locklessly, then now that we + // have finished writing our TRAP file, we want to rename + // and TRAP file that matches our trapFileBase but doesn't + // have the latest metadata. + // Renaming it to trap-old means that it won't be imported, + // but we can still use its presence to avoid future + // invocations rewriting it, and it means that the information + // is in the TRAP directory if we need it for debugging. + if (!use_trap_locking && sym != null) { + File trapFileDir = trapFileBase.getParentFile(); + String trapFileBaseName = trapFileBase.getName(); + + List> pairs = new LinkedList>(); + for (File f: FileUtil.list(trapFileDir)) { + String name = f.getName(); + Matcher m = selectClassVersionComponents.matcher(name); + if (m.matches()) { + if (m.group(1).equals(trapFileBaseName)) { + TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5)); + pairs.add(new Pair(f, v)); + } else { + // Everything in this directory should be for the same TRAP file base + log.error("Unexpected sibling " + m.group(1) + " when extracting " + trapFileBaseName); + } + } + } + if (pairs.isEmpty()) { + log.error("Wrote TRAP file, but no TRAP files exist for " + trapFile.getAbsolutePath()); + } else { + Comparator> comparator = new Comparator>() { + @Override + public int compare(Pair p1, Pair p2) { + TrapClassVersion v1 = p1.snd(); + TrapClassVersion v2 = p2.snd(); + if (v1.equals(v2)) { + return 0; + } else if (v1.newerThan(v2)) { + return 1; + } else { + return -1; + } + } + }; + TrapClassVersion latestVersion = Collections.max(pairs, comparator).snd(); + + for (Pair p: pairs) { + if (!latestVersion.equals(p.snd())) { + File f = p.fst(); + File fOld = new File(f.getParentFile(), f.getName().replace(".trap.gz", ".trap-old.gz")); + // We aren't interested in whether or not this succeeds; + // it may fail because a concurrent extractor has already + // renamed it. + f.renameTo(fOld); + } + } + } + } } } @@ -505,6 +638,17 @@ public class OdasaOutput { this.lastModified = lastModified; this.extractorName = extractorName; } + + @Override + public boolean equals(Object obj) { + if (obj instanceof TrapClassVersion) { + TrapClassVersion other = (TrapClassVersion)obj; + return majorVersion == other.majorVersion && minorVersion == other.minorVersion && lastModified == other.lastModified && extractorName.equals(other.extractorName); + } else { + return false; + } + } + private boolean newerThan(TrapClassVersion tcv) { // Classes being compiled from source have major version 0 but should take precedence // over any classes with the same qualified name loaded from the classpath diff --git a/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java b/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java index a8008ca6299..47bbb1d2029 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/util/expansion/ExpansionEnvironment.java @@ -123,7 +123,7 @@ public class ExpansionEnvironment { } /** - * This the old default constructor, which always enables command substutitions. + * This the old default constructor, which always enables command substitutions. * Doing so is a security risk whenever the string you expand may come * from an untrusted source, so you should only do that when you explicitly want * to do it and have decided that it is safe. (And then use the constructor that diff --git a/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java b/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java index 6c3e754310e..81a9f46a71f 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java @@ -1033,11 +1033,11 @@ public class FileUtil } /** - * Santize path string To handle windows drive letters and cross-platform builds. + * Sanitize path string To handle windows drive letters and cross-platform builds. * @param pathString to be sanitized * @return sanitized path string */ - private static String santizePathString(String pathString) { + private static String sanitizePathString(String pathString) { // Replace ':' by '_', as the extractor does - to handle Windows drive letters pathString = pathString.replace(':', '_'); @@ -1059,7 +1059,7 @@ public class FileUtil */ public static File appendAbsolutePath (File root, String absolutePath) { - absolutePath = santizePathString(absolutePath); + absolutePath = sanitizePathString(absolutePath); return new File(root, absolutePath).getAbsoluteFile(); } @@ -1075,7 +1075,7 @@ public class FileUtil */ public static Path appendAbsolutePath(Path root, String absolutePathString){ - absolutePathString = santizePathString(absolutePathString); + absolutePathString = sanitizePathString(absolutePathString); Path path = Paths.get(absolutePathString); diff --git a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt index 43ba9525190..9a99b05f775 100644 --- a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt @@ -84,7 +84,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri // file information if needed: val ftw = tw.makeFileTrapWriter(binaryPath, irDecl is IrClass) - val fileExtractor = KotlinFileExtractor(logger, ftw, binaryPath, manager, this, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) + val fileExtractor = KotlinFileExtractor(logger, ftw, null, binaryPath, manager, this, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) if (irDecl is IrClass) { // Populate a location and compilation-unit package for the file. This is similar to diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt index a4dc2aaee08..a31bfee0b4f 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt @@ -74,7 +74,7 @@ class KotlinExtractorExtension( // First, if we can find our log directory, then let's try // making a log file there: val extractorLogDir = System.getenv("CODEQL_EXTRACTOR_JAVA_LOG_DIR") - if (extractorLogDir != null || extractorLogDir != "") { + if (extractorLogDir != null && extractorLogDir != "") { // We use a slightly different filename pattern compared // to normal logs. Just the existence of a `-top` log is // a sign that something's gone very wrong. @@ -296,7 +296,9 @@ private fun doFile( context.clear() } - val dbSrcFilePath = Paths.get("$dbSrcDir/$srcFilePath") + val srcFileRelativePath = srcFilePath.replace(':', '_') + + val dbSrcFilePath = Paths.get("$dbSrcDir/$srcFileRelativePath") val dbSrcDirPath = dbSrcFilePath.parent Files.createDirectories(dbSrcDirPath) val srcTmpFile = File.createTempFile(dbSrcFilePath.fileName.toString() + ".", ".src.tmp", dbSrcDirPath.toFile()) @@ -305,7 +307,7 @@ private fun doFile( } srcTmpFile.renameTo(dbSrcFilePath.toFile()) - val trapFileName = "$dbTrapDir/$srcFilePath.trap" + val trapFileName = "$dbTrapDir/$srcFileRelativePath.trap" val trapFileWriter = getTrapFileWriter(compression, logger, trapFileName) if (checkTrapIdentical || !trapFileWriter.exists()) { @@ -322,7 +324,8 @@ private fun doFile( // file information val sftw = tw.makeSourceFileTrapWriter(srcFile, true) val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter) - val fileExtractor = KotlinFileExtractor(logger, sftw, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) + val linesOfCode = LinesOfCode(logger, sftw, srcFile) + val fileExtractor = KotlinFileExtractor(logger, sftw, linesOfCode, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) fileExtractor.extractFileContents(srcFile, sftw.fileId) externalDeclExtractor.extractExternalClasses() @@ -397,7 +400,7 @@ private abstract class TrapFileWriter(val logger: FileLogger, trapName: String, fun getTempWriter(): BufferedWriter { if (this::tempFile.isInitialized) { - logger.error("Temp writer reinitiailised for $realFile") + logger.error("Temp writer reinitialized for $realFile") } tempFile = File.createTempFile(realFile.getName() + ".", ".trap.tmp" + extension, parentDir) return getWriter(tempFile) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt index 1c34f1d8471..5741aab36d1 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt @@ -36,6 +36,7 @@ import kotlin.collections.ArrayList open class KotlinFileExtractor( override val logger: FileLogger, override val tw: FileTrapWriter, + val linesOfCode: LinesOfCode?, val filePath: String, dependencyCollector: OdasaOutput.TrapFileManager?, externalClassExtractor: ExternalDeclExtractor, @@ -91,6 +92,8 @@ open class KotlinFileExtractor( if (!declarationStack.isEmpty()) { logger.errorElement("Declaration stack is not empty after processing the file", file) } + + linesOfCode?.linesOfCodeInFile(id) } } @@ -117,11 +120,7 @@ open class KotlinFileExtractor( } private fun shouldExtractDecl(declaration: IrDeclaration, extractPrivateMembers: Boolean) = - extractPrivateMembers || - when(declaration) { - is IrDeclarationWithVisibility -> declaration.visibility.let { it != DescriptorVisibilities.PRIVATE && it != DescriptorVisibilities.PRIVATE_TO_THIS } - else -> true - } + extractPrivateMembers || !isPrivate(declaration) fun extractDeclaration(declaration: IrDeclaration, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) { with("declaration", declaration) { @@ -203,6 +202,16 @@ open class KotlinFileExtractor( } } + if (tp.isReified) { + addModifiers(id, "reified") + } + + if (tp.variance == Variance.IN_VARIANCE) { + addModifiers(id, "in") + } else if (tp.variance == Variance.OUT_VARIANCE) { + addModifiers(id, "out") + } + return id } } @@ -231,7 +240,7 @@ open class KotlinFileExtractor( // default java visibility (top level) } JavaVisibilities.ProtectedAndPackage -> { - // default java visibility (member level) + addModifiers(id, "protected") } else -> logger.errorElement("Unexpected delegated visibility: $v", elementForLocation) } @@ -354,23 +363,37 @@ open class KotlinFileExtractor( } } + private fun makeTypeParamSubstitution(c: IrClass, argsIncludingOuterClasses: List?) = + when (argsIncludingOuterClasses) { + null -> { x: IrType, _: TypeContext, _: IrPluginContext -> x.toRawType() } + else -> makeGenericSubstitutionFunction(c, argsIncludingOuterClasses) + } + + fun extractDeclarationPrototype(d: IrDeclaration, parentId: Label, argsIncludingOuterClasses: List?, typeParamSubstitutionQ: TypeSubstitution? = null) { + val typeParamSubstitution = typeParamSubstitutionQ ?: + when(val parent = d.parent) { + is IrClass -> makeTypeParamSubstitution(parent, argsIncludingOuterClasses) + else -> { + logger.warnElement("Unable to extract prototype of local declaration", d) + return + } + } + when (d) { + is IrFunction -> extractFunction(d, parentId, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses) + is IrProperty -> extractProperty(d, parentId, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses) + else -> {} + } + } + // `argsIncludingOuterClasses` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. private fun extractNonPrivateMemberPrototypes(c: IrClass, argsIncludingOuterClasses: List?, id: Label) { with("member prototypes", c) { - val typeParamSubstitution = - when (argsIncludingOuterClasses) { - null -> { x: IrType, _: TypeContext, _: IrPluginContext -> x.toRawType() } - else -> makeGenericSubstitutionFunction(c, argsIncludingOuterClasses) - } + val typeParamSubstitution = makeTypeParamSubstitution(c, argsIncludingOuterClasses) c.declarations.map { if (shouldExtractDecl(it, false)) { - when(it) { - is IrFunction -> extractFunction(it, id, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses) - is IrProperty -> extractProperty(it, id, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses) - else -> {} - } + extractDeclarationPrototype(it, id, argsIncludingOuterClasses, typeParamSubstitution) } } } @@ -472,6 +495,8 @@ open class KotlinFileExtractor( extractClassModifiers(c, id) extractClassSupertypes(c, id, inReceiverContext = true) // inReceiverContext = true is specified to force extraction of member prototypes of base types + linesOfCode?.linesOfCodeInDeclaration(c, id) + return id } } @@ -568,12 +593,7 @@ open class KotlinFileExtractor( var parent: IrDeclarationParent? = declarationParent while (parent != null) { if (parent is IrClass) { - val parentId = - if (parent.isAnonymousObject) { - useAnonymousClass(parent).javaResult.id.cast() - } else { - useClassInstance(parent, parentClassTypeArguments).typeResult.id - } + val parentId = useClassInstance(parent, parentClassTypeArguments).typeResult.id tw.writeEnclInReftype(innerId, parentId) if (innerClass != null && innerClass.isCompanion) { // If we are a companion then our parent has a @@ -718,6 +738,8 @@ open class KotlinFileExtractor( val locId = tw.getWholeFileLocation() tw.writeHasLocation(clinitId, locId) + addModifiers(clinitId, "static") + // add and return body block: Pair(extractBlockBody(clinitId, locId), clinitId) } @@ -851,7 +873,7 @@ open class KotlinFileExtractor( extractTypeAccess(useType(paramType), locId, paramId, -1) } } - val paramsSignature = allParamTypeResults.joinToString(separator = ",", prefix = "(", postfix = ")") { it.javaResult.signature } + val paramsSignature = allParamTypeResults.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.javaResult, f) } val shortName = getDefaultsMethodName(f) if (f.symbol is IrConstructorSymbol) { @@ -1061,6 +1083,14 @@ open class KotlinFileExtractor( } } + private fun signatureOrWarn(t: TypeResult<*>, associatedElement: IrElement?) = + t.signature ?: "".also { + if (associatedElement != null) + logger.warnElement("Needed a signature for a type that doesn't have one", associatedElement) + else + logger.warn("Needed a signature for a type that doesn't have one") + } + private fun forceExtractFunction(f: IrFunction, parentId: Label, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List?, extractOrigin: Boolean = true, overriddenAttributes: OverriddenFunctionAttributes? = null): Label { with("function", f) { DeclarationStackAdjuster(f, overriddenAttributes).use { @@ -1097,7 +1127,7 @@ open class KotlinFileExtractor( paramTypes } - val paramsSignature = allParamTypes.joinToString(separator = ",", prefix = "(", postfix = ")") { it.javaResult.signature } + val paramsSignature = allParamTypes.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.javaResult, f) } val adjustedReturnType = addJavaLoweringWildcards(getAdjustedReturnType(f), false, (javaCallable as? JavaMethod)?.returnType) val substReturnType = typeSubstitution?.let { it(adjustedReturnType, TypeContext.RETURN, pluginContext) } ?: adjustedReturnType @@ -1148,6 +1178,8 @@ open class KotlinFileExtractor( addModifiers(id, "suspend") } + linesOfCode?.linesOfCodeInDeclaration(f, id) + return id } } @@ -1251,6 +1283,10 @@ open class KotlinFileExtractor( } extractVisibility(p, id, p.visibility) + + if (p.isLateinit) { + addModifiers(id, "lateinit") + } } } } @@ -1406,6 +1442,9 @@ open class KotlinFileExtractor( if (!v.isVar) { addModifiers(varId, "final") } + if (v.isLateinit) { + addModifiers(varId, "lateinit") + } } } @@ -1729,7 +1768,7 @@ open class KotlinFileExtractor( private fun extractsDefaultsCall( syntacticCallTarget: IrFunction, locId: Label, - callsite: IrCall, + resultType: IrType, enclosingCallable: Label, callsiteParent: Label, childIdx: Int, @@ -1744,7 +1783,7 @@ open class KotlinFileExtractor( useFunction(callTarget) } val defaultMethodLabel = getDefaultsMethodLabel(callTarget) - val id = extractMethodAccessWithoutArgs(callsite.type, locId, enclosingCallable, callsiteParent, childIdx, enclosingStmt, defaultMethodLabel) + val id = extractMethodAccessWithoutArgs(resultType, locId, enclosingCallable, callsiteParent, childIdx, enclosingStmt, defaultMethodLabel) if (callTarget.isLocalFunction()) { extractTypeAccess(getLocallyVisibleFunctionLabels(callTarget).type, locId, id, -1, enclosingCallable, enclosingStmt) @@ -1847,7 +1886,8 @@ open class KotlinFileExtractor( fun extractRawMethodAccess( syntacticCallTarget: IrFunction, - callsite: IrCall, + locElement: IrElement, + resultType: IrType, enclosingCallable: Label, callsiteParent: Label, childIdx: Int, @@ -1859,13 +1899,13 @@ open class KotlinFileExtractor( extractClassTypeArguments: Boolean = false, superQualifierSymbol: IrClassSymbol? = null) { - val locId = tw.getLocation(callsite) + val locId = tw.getLocation(locElement) if (valueArguments.any { it == null }) { extractsDefaultsCall( syntacticCallTarget, locId, - callsite, + resultType, enclosingCallable, callsiteParent, childIdx, @@ -1878,7 +1918,7 @@ open class KotlinFileExtractor( extractRawMethodAccess( syntacticCallTarget, locId, - callsite.type, + resultType, enclosingCallable, callsiteParent, childIdx, @@ -2209,7 +2249,7 @@ open class KotlinFileExtractor( return } - extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol) + extractRawMethodAccess(syntacticCallTarget, c, c.type, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol) } fun extractSpecialEnumFunction(fnName: String){ @@ -2313,7 +2353,7 @@ open class KotlinFileExtractor( } isFunction(target, "kotlin", "String", "plus", true) -> { findJdkIntrinsicOrWarn("stringPlus", c)?.let { stringPlusFn -> - extractRawMethodAccess(stringPlusFn, c, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver, c.getValueArgument(0)), null, null) + extractRawMethodAccess(stringPlusFn, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver, c.getValueArgument(0)), null, null) } } isNumericFunction(target, listOf("plus", "minus", "times", "div", "rem", "and", "or", "xor", "shl", "shr", "ushr")) -> { @@ -2435,7 +2475,10 @@ open class KotlinFileExtractor( } } tw.writeExprsKotlinType(id, type.kotlinResult.id) - unaryopDisp(id) + if (isFunction(target, "kotlin", "Byte or Short", { it == "Byte" || it == "Short" }, "inv")) + unaryopReceiver(id, c.extensionReceiver, "Extension receiver") + else + unaryopDisp(id) } // We need to handle all the builtin operators defines in BuiltInOperatorNames in // compiler/ir/ir.tree/src/org/jetbrains/kotlin/ir/IrBuiltIns.kt @@ -2555,7 +2598,7 @@ open class KotlinFileExtractor( } isFunction(target, "kotlin", "Any", "toString", true) -> { stringValueOfObjectMethod?.let { - extractRawMethodAccess(it, c, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver), null, null) + extractRawMethodAccess(it, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.extensionReceiver), null, null) } } isBuiltinCallKotlin(c, "enumValues") -> { @@ -2605,6 +2648,24 @@ open class KotlinFileExtractor( || isBuiltinCallKotlin(c, "byteArrayOf") || isBuiltinCallKotlin(c, "booleanArrayOf") -> { + + val isPrimitiveArrayCreation = !isBuiltinCallKotlin(c, "arrayOf") + val elementType = if (isPrimitiveArrayCreation) { + c.type.getArrayElementType(pluginContext.irBuiltIns) + } else { + // TODO: is there any reason not to always use getArrayElementType? + if (c.typeArgumentsCount == 1) { + c.getTypeArgument(0).also { + if (it == null) { + logger.errorElement("Type argument missing in an arrayOf call", c) + } + } + } else { + logger.errorElement("Expected to find one type argument in arrayOf call", c) + null + } + } + val arg = if (c.valueArgumentsCount == 1) c.getValueArgument(0) else { logger.errorElement("Expected to find only one (vararg) argument in ${c.symbol.owner.name.asString()} call", c) null @@ -2615,59 +2676,7 @@ open class KotlinFileExtractor( } } - // If this is [someType]ArrayOf(*x), x, otherwise null - val clonedArray = arg?.let { - if (arg.elements.size == 1) { - val onlyElement = arg.elements[0] - if (onlyElement is IrSpreadElement) - onlyElement.expression - else null - } else null - } - - if (clonedArray != null) { - // This is an array clone: extract is as a call to java.lang.Object.clone - objectCloneMethod?.let { - extractRawMethodAccess(it, c, callable, parent, idx, enclosingStmt, listOf(), clonedArray, null) - } - } else { - // This is array creation: extract it as a call to new ArrayType[] { ... } - val id = tw.getFreshIdLabel() - val type = useType(c.type) - tw.writeExprs_arraycreationexpr(id, type.javaResult.id, parent, idx) - tw.writeExprsKotlinType(id, type.kotlinResult.id) - val locId = tw.getLocation(c) - tw.writeHasLocation(id, locId) - tw.writeCallableEnclosingExpr(id, callable) - - if (isBuiltinCallKotlin(c, "arrayOf")) { - if (c.typeArgumentsCount == 1) { - val typeArgument = c.getTypeArgument(0) - if (typeArgument == null) { - logger.errorElement("Type argument missing in an arrayOf call", c) - } else { - extractTypeAccessRecursive(typeArgument, locId, id, -1, callable, enclosingStmt, TypeContext.GENERIC_ARGUMENT) - } - } else { - logger.errorElement("Expected to find one type argument in arrayOf call", c ) - } - } else { - val elementType = c.type.getArrayElementType(pluginContext.irBuiltIns) - extractTypeAccessRecursive(elementType, locId, id, -1, callable, enclosingStmt) - } - - arg?.let { - val initId = tw.getFreshIdLabel() - tw.writeExprs_arrayinit(initId, type.javaResult.id, id, -2) - tw.writeExprsKotlinType(initId, type.kotlinResult.id) - tw.writeHasLocation(initId, locId) - tw.writeCallableEnclosingExpr(initId, callable) - tw.writeStatementEnclosingExpr(initId, enclosingStmt) - it.elements.forEachIndexed { i, arg -> extractVarargElement(arg, callable, initId, i, enclosingStmt) } - - extractConstantInteger(it.elements.size, locId, id, 0, callable, enclosingStmt) - } - } + extractArrayCreation(arg, c.type, elementType, isPrimitiveArrayCreation, c, parent, idx, callable, enclosingStmt) } isBuiltinCall(c, "", "kotlin.jvm") -> { // Special case for KClass<*>.java, which is used in the Parcelize plugin. In normal cases, this is already rewritten to the property referenced below: @@ -2687,7 +2696,7 @@ open class KotlinFileExtractor( val argType = (ext.type as? IrSimpleType)?.arguments?.firstOrNull()?.typeOrNull val typeArguments = if (argType == null) listOf() else listOf(argType) - extractRawMethodAccess(getter, c, callable, parent, idx, enclosingStmt, listOf(), null, ext, typeArguments) + extractRawMethodAccess(getter, c, c.type, callable, parent, idx, enclosingStmt, listOf(), null, ext, typeArguments) } } isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") -> { @@ -2718,7 +2727,7 @@ open class KotlinFileExtractor( else -> pluginContext.irBuiltIns.anyNType } } - extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs) + extractRawMethodAccess(iteratorFn, c, c.type, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs) } } } @@ -2807,6 +2816,7 @@ open class KotlinFileExtractor( extractRawMethodAccess( realCallee, c, + c.type, callable, parent, idx, @@ -2834,6 +2844,7 @@ open class KotlinFileExtractor( extractRawMethodAccess( realCallee, c, + c.type, callable, parent, idx, @@ -2851,6 +2862,51 @@ open class KotlinFileExtractor( } } + private fun extractArrayCreation(elementList: IrVararg?, resultType: IrType, elementType: IrType?, allowPrimitiveElementType: Boolean, locElement: IrElement, parent: Label, idx: Int, enclosingCallable: Label, enclosingStmt: Label) { + // If this is [someType]ArrayOf(*x), x, otherwise null + val clonedArray = elementList?.let { + if (it.elements.size == 1) { + val onlyElement = it.elements[0] + if (onlyElement is IrSpreadElement) + onlyElement.expression + else null + } else null + } + + if (clonedArray != null) { + // This is an array clone: extract is as a call to java.lang.Object.clone + objectCloneMethod?.let { + extractRawMethodAccess(it, locElement, resultType, enclosingCallable, parent, idx, enclosingStmt, listOf(), clonedArray, null) + } + } else { + // This is array creation: extract it as a call to new ArrayType[] { ... } + val id = tw.getFreshIdLabel() + val type = useType(resultType) + tw.writeExprs_arraycreationexpr(id, type.javaResult.id, parent, idx) + tw.writeExprsKotlinType(id, type.kotlinResult.id) + val locId = tw.getLocation(locElement) + tw.writeHasLocation(id, locId) + tw.writeCallableEnclosingExpr(id, enclosingCallable) + + if (elementType != null) { + val typeContext = if (allowPrimitiveElementType) TypeContext.OTHER else TypeContext.GENERIC_ARGUMENT + extractTypeAccessRecursive(elementType, locId, id, -1, enclosingCallable, enclosingStmt, typeContext) + } + + if (elementList != null) { + val initId = tw.getFreshIdLabel() + tw.writeExprs_arrayinit(initId, type.javaResult.id, id, -2) + tw.writeExprsKotlinType(initId, type.kotlinResult.id) + tw.writeHasLocation(initId, locId) + tw.writeCallableEnclosingExpr(initId, enclosingCallable) + tw.writeStatementEnclosingExpr(initId, enclosingStmt) + elementList.elements.forEachIndexed { i, arg -> extractVarargElement(arg, enclosingCallable, initId, i, enclosingStmt) } + + extractConstantInteger(elementList.elements.size, locId, id, 0, enclosingCallable, enclosingStmt) + } + } + } + private fun extractNewExpr( methodId: Label, constructedType: TypeResults, @@ -2909,20 +2965,8 @@ open class KotlinFileExtractor( logger.errorElement("Constructor call has non-simple type ${eType.javaClass}", e) return } + val type = useType(eType) val isAnonymous = eType.isAnonymous - val type: TypeResults = if (isAnonymous) { - if (e.typeArgumentsCount > 0) { - logger.warnElement("Unexpected type arguments (${e.typeArgumentsCount}) for anonymous class constructor call", e) - } - val c = eType.classifier.owner - if (c !is IrClass) { - logger.errorElement("Anonymous constructor call type not a class (${c.javaClass})", e) - return - } - useAnonymousClass(c) - } else { - useType(eType) - } val locId = tw.getLocation(e) val valueArgs = (0 until e.valueArgumentsCount).map { e.getValueArgument(it) } // For now, don't try to use default methods for enum constructor calls, @@ -2939,7 +2983,7 @@ open class KotlinFileExtractor( } if (isAnonymous) { - tw.writeIsAnonymClass(type.javaResult.id.cast(), id) + tw.writeIsAnonymClass(type.javaResult.id.cast(), id) } val dr = e.dispatchReceiver @@ -3634,14 +3678,12 @@ open class KotlinFileExtractor( extractTypeOperatorCall(e, callable, exprParent.parent, exprParent.idx, exprParent.enclosingStmt) } is IrVararg -> { - var spread = e.elements.getOrNull(0) as? IrSpreadElement - if (spread == null || e.elements.size != 1) { - logger.errorElement("Unexpected IrVararg", e) - return - } // There are lowered IR cases when the vararg expression is not within a call, such as - // val temp0 = [*expr] - extractExpression(spread.expression, callable, parent) + // val temp0 = [*expr]. + // This AST element can also occur as a collection literal in an annotation class, such as + // annotation class Ann(val strings: Array = []) + val exprParent = parent.expr(e, callable) + extractArrayCreation(e, e.type, e.varargElementType, true, e, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt) } is IrGetObjectValue -> { // For `object MyObject { ... }`, the .class has an @@ -4229,9 +4271,11 @@ open class KotlinFileExtractor( * this.dispatchReceiver = dispatchReceiver * } * - * fun get(): R { return this.dispatchReceiver.FN1() } + * override fun get(): R { return this.dispatchReceiver.FN1() } * - * fun set(a0: R): Unit { return this.dispatchReceiver.FN2(a0) } + * override fun set(a0: R): Unit { return this.dispatchReceiver.FN2(a0) } + * + * override fun invoke(): R { return this.get() } * } * ``` * @@ -4269,8 +4313,8 @@ open class KotlinFileExtractor( ) val declarationParent = peekDeclStackAsDeclarationParent(propertyReferenceExpr) ?: return - val prefix = if (kPropertyClass.owner.name.asString().startsWith("KMutableProperty")) "Mutable" else "" - val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.${prefix}PropertyReference${kPropertyType.arguments.size - 1}"))?.owner?.typeWith() + // The base class could be `Any`. `PropertyReference` is used to keep symmetry with function references. + val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.PropertyReference"))?.owner?.typeWith() ?: pluginContext.irBuiltIns.anyType val classId = extractGeneratedClass(ids, listOf(baseClass, kPropertyType), locId, propertyReferenceExpr, declarationParent) @@ -4373,10 +4417,16 @@ open class KotlinFileExtractor( callable: Label ) { with("function reference", functionReferenceExpr) { - val target = functionReferenceExpr.reflectionTarget ?: run { - logger.warnElement("Expected to find reflection target for function reference. Using underlying symbol instead.", functionReferenceExpr) - functionReferenceExpr.symbol - } + val target = + if (functionReferenceExpr.origin == IrStatementOrigin.ADAPTED_FUNCTION_REFERENCE) + // For an adaptation (e.g. to adjust the number or type of arguments or results), the symbol field points at the adapter while `.reflectionTarget` points at the source-level target. + functionReferenceExpr.symbol + else + // TODO: Consider whether we could always target the symbol + functionReferenceExpr.reflectionTarget ?: run { + logger.warnElement("Expected to find reflection target for function reference. Using underlying symbol instead.", functionReferenceExpr) + functionReferenceExpr.symbol + } /* * Extract generated class: @@ -4480,7 +4530,10 @@ open class KotlinFileExtractor( val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.FunctionReference"))?.owner?.typeWith() ?: pluginContext.irBuiltIns.anyType - val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent) + val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent, { it.valueParameters.size == 1 }) { + // The argument to FunctionReference's constructor is the function arity. + extractConstantInteger(type.arguments.size - 1, locId, it, 0, ids.constructor, it) + } helper.extractReceiverField() @@ -4588,7 +4641,7 @@ open class KotlinFileExtractor( Pair(paramId, paramType) } - val paramsSignature = parameters.joinToString(separator = ",", prefix = "(", postfix = ")") { it.second.javaResult.signature } + val paramsSignature = parameters.joinToString(separator = ",", prefix = "(", postfix = ")") { signatureOrWarn(it.second.javaResult, declarationStack.tryPeek()?.first) } val rt = useType(returnType, TypeContext.RETURN) tw.writeMethods(methodId, name, "$name$paramsSignature", rt.javaResult.id, parentId, methodId) @@ -5029,7 +5082,10 @@ open class KotlinFileExtractor( return } - if (!st.isFunctionOrKFunction() && !st.isSuspendFunctionOrKFunction()) { + fun IrSimpleType.isKProperty() = + classFqName?.asString()?.startsWith("kotlin.reflect.KProperty") == true + + if (!st.isFunctionOrKFunction() && !st.isSuspendFunctionOrKFunction() && !st.isKProperty()) { logger.errorElement("Expected to find expression with function type in SAM conversion.", e) return } @@ -5217,7 +5273,9 @@ open class KotlinFileExtractor( superTypes: List, locId: Label, elementToReportOn: IrElement, - declarationParent: IrDeclarationParent + declarationParent: IrDeclarationParent, + superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() }, + extractSuperconstructorArgs: (Label) -> Unit = {} ): Label { // Write class val id = ids.type.javaResult.id.cast() @@ -5242,7 +5300,7 @@ open class KotlinFileExtractor( if (baseClass == null) { logger.warnElement("Cannot find base class", elementToReportOn) } else { - val baseConstructor = baseClass.owner.declarations.findSubType { it.symbol is IrConstructorSymbol } + val baseConstructor = baseClass.owner.declarations.findSubType { it.symbol is IrConstructorSymbol && superConstructorSelector(it) } if (baseConstructor == null) { logger.warnElement("Cannot find base constructor", elementToReportOn) } else { @@ -5253,6 +5311,7 @@ open class KotlinFileExtractor( tw.writeHasLocation(superCallId, locId) tw.writeCallableBinding(superCallId.cast(), baseConstructorId) + extractSuperconstructorArgs(superCallId) } } @@ -5266,7 +5325,7 @@ open class KotlinFileExtractor( } /** - * Extracts the class around a local function or a lambda. + * Extracts the class around a local function or a lambda. The superclass must have a no-arg constructor. */ private fun extractGeneratedClass(localFunction: IrFunction, superTypes: List) : Label { with("generated class", localFunction) { @@ -5301,6 +5360,8 @@ open class KotlinFileExtractor( fun peek() = stack.peek() + fun tryPeek() = if (stack.isEmpty()) null else stack.peek() + fun findOverriddenAttributes(f: IrFunction) = stack.lastOrNull { it.first == f } ?.second diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index 1bd27278da0..f7f553f03d9 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -138,13 +138,13 @@ open class KotlinUsesExtractor( val newTrapWriter = tw.makeFileTrapWriter(filePath, true) val newLoggerTrapWriter = logger.tw.makeFileTrapWriter(filePath, false) val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter) - return KotlinFileExtractor(newLogger, newTrapWriter, filePath, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) + return KotlinFileExtractor(newLogger, newTrapWriter, null, filePath, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) } val newTrapWriter = tw.makeSourceFileTrapWriter(clsFile, true) val newLoggerTrapWriter = logger.tw.makeSourceFileTrapWriter(clsFile, false) val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter) - return KotlinFileExtractor(newLogger, newTrapWriter, clsFile.path, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) + return KotlinFileExtractor(newLogger, newTrapWriter, null, clsFile.path, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState) } // The Kotlin compiler internal representation of Outer.Inner.InnerInner is InnerInner. This function returns just `R`. @@ -210,10 +210,6 @@ open class KotlinUsesExtractor( // `typeArgs` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun useClassInstance(c: IrClass, typeArgs: List?, inReceiverContext: Boolean = false): UseClassInstanceResult { - if (c.isAnonymousObject) { - logger.error("Unexpected access to anonymous class instance") - } - val substituteClass = getJavaEquivalentClass(c) val extractClass = substituteClass ?: c @@ -418,10 +414,11 @@ open class KotlinUsesExtractor( } val fqName = replacedClass.fqNameWhenAvailable - val signature = if (fqName == null) { + val signature = if (replacedClass.isAnonymousObject) { + null + } else if (fqName == null) { logger.error("Unable to find signature/fqName for ${replacedClass.name}") - // TODO: Should we return null here instead? - "" + null } else { fqName.asString() } @@ -465,7 +462,7 @@ open class KotlinUsesExtractor( } } - fun useAnonymousClass(c: IrClass) = + private fun useAnonymousClass(c: IrClass) = tw.lm.anonymousTypeMapping.getOrPut(c) { TypeResults( TypeResult(tw.getFreshIdLabel(), "", ""), @@ -473,14 +470,6 @@ open class KotlinUsesExtractor( ) } - fun getExistingAnonymousClassLabel(c: IrClass): Label? { - if (!c.isAnonymousObject){ - return null - } - - return tw.lm.anonymousTypeMapping[c]?.javaResult?.id - } - fun fakeKotlinType(): Label { val fakeKotlinPackageId: Label = tw.getLabelFor("@\"FakeKotlinPackage\"", { tw.writePackages(it, "fake.kotlin") @@ -497,16 +486,6 @@ open class KotlinUsesExtractor( // `args` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun useSimpleTypeClass(c: IrClass, args: List?, hasQuestionMark: Boolean): TypeResults { - if (c.isAnonymousObject) { - args?.let { - if (it.isNotEmpty() && !isUnspecialised(c, it, logger)) { - logger.error("Unexpected specialised instance of generic anonymous class") - } - } - - return useAnonymousClass(c) - } - val classInstanceResult = useClassInstance(c, args) val javaClassId = classInstanceResult.typeResult.id val kotlinQualClassName = getUnquotedClassLabel(c, args).classLabel @@ -795,7 +774,7 @@ open class KotlinUsesExtractor( extractFileClass(dp) } is IrClass -> - if (classTypeArguments != null && !dp.isAnonymousObject) { + if (classTypeArguments != null) { useClassInstance(dp, classTypeArguments, inReceiverContext).typeResult.id } else { val replacedType = tryReplaceParcelizeRawType(dp) @@ -944,7 +923,7 @@ open class KotlinUsesExtractor( private val jvmWildcardAnnotation = FqName("kotlin.jvm.JvmWildcard") - private val jvmWildcardSuppressionAnnotaton = FqName("kotlin.jvm.JvmSuppressWildcards") + private val jvmWildcardSuppressionAnnotation = FqName("kotlin.jvm.JvmSuppressWildcards") private fun arrayExtendsAdditionAllowed(t: IrSimpleType): Boolean = // Note the array special case includes Array<*>, which does permit adding `? extends ...` (making `? extends Object[]` in that case) @@ -977,7 +956,7 @@ open class KotlinUsesExtractor( when { t.hasAnnotation(jvmWildcardAnnotation) -> true !addByDefault -> false - t.hasAnnotation(jvmWildcardSuppressionAnnotaton) -> false + t.hasAnnotation(jvmWildcardSuppressionAnnotation) -> false v == Variance.IN_VARIANCE -> !(t.isNullableAny() || t.isAny()) v == Variance.OUT_VARIANCE -> extendsAdditionAllowed(t) else -> false @@ -1225,9 +1204,9 @@ open class KotlinUsesExtractor( } fun hasWildcardSuppressionAnnotation(d: IrDeclaration) = - d.hasAnnotation(jvmWildcardSuppressionAnnotaton) || + d.hasAnnotation(jvmWildcardSuppressionAnnotation) || // Note not using `parentsWithSelf` as that only works if `d` is an IrDeclarationParent - d.parents.any { (it as? IrAnnotationContainer)?.hasAnnotation(jvmWildcardSuppressionAnnotaton) == true } + d.parents.any { (it as? IrAnnotationContainer)?.hasAnnotation(jvmWildcardSuppressionAnnotation) == true } /** * Class to hold labels for generated classes around local functions, lambdas, function references, and property references. @@ -1319,6 +1298,12 @@ open class KotlinUsesExtractor( } } ?: f + fun isPrivate(d: IrDeclaration) = + when(d) { + is IrDeclarationWithVisibility -> d.visibility.let { it == DescriptorVisibilities.PRIVATE || it == DescriptorVisibilities.PRIVATE_TO_THIS } + else -> false + } + fun useFunction(f: IrFunction, classTypeArgsIncludingOuterClasses: List? = null, noReplace: Boolean = false): Label { return useFunction(f, null, classTypeArgsIncludingOuterClasses, noReplace) } @@ -1330,7 +1315,9 @@ open class KotlinUsesExtractor( } val javaFun = kotlinFunctionToJavaEquivalent(f, noReplace) val label = getFunctionLabel(javaFun, parentId, classTypeArgsIncludingOuterClasses) - val id: Label = tw.getLabelFor(label) + val id: Label = tw.getLabelFor(label) { + extractPrivateSpecialisedDeclaration(f, classTypeArgsIncludingOuterClasses) + } if (isExternalDeclaration(javaFun)) { extractFunctionLaterIfExternalFileMember(javaFun) extractExternalEnclosingClassLater(javaFun) @@ -1338,6 +1325,19 @@ open class KotlinUsesExtractor( return id } + private fun extractPrivateSpecialisedDeclaration(d: IrDeclaration, classTypeArgsIncludingOuterClasses: List?) { + // Note here `classTypeArgsIncludingOuterClasses` being null doesn't signify a raw receiver type but rather that no type args were supplied. + // This is because a call to a private method can only be observed inside Kotlin code, and Kotlin can't represent raw types. + if (this is KotlinFileExtractor && isPrivate(d) && classTypeArgsIncludingOuterClasses != null && classTypeArgsIncludingOuterClasses.isNotEmpty()) { + d.parent.let { + when(it) { + is IrClass -> this.extractDeclarationPrototype(d, useClassInstance(it, classTypeArgsIncludingOuterClasses).typeResult.id, classTypeArgsIncludingOuterClasses) + else -> logger.warnElement("Unable to extract specialised declaration that isn't a member of a class", d) + } + } + } + } + fun getTypeArgumentLabel( arg: IrTypeArgument ): TypeResultWithoutSignature { @@ -1393,20 +1393,24 @@ open class KotlinUsesExtractor( private fun getUnquotedClassLabel(c: IrClass, argsIncludingOuterClasses: List?): ClassLabelResults { val pkg = c.packageFqName?.asString() ?: "" val cls = c.name.asString() - val label = when (val parent = c.parent) { - is IrClass -> { - "${getUnquotedClassLabel(parent, listOf()).classLabel}\$$cls" - } - is IrFunction -> { - "{${useFunction(parent)}}.$cls" - } - is IrField -> { - "{${useField(parent)}}.$cls" - } - else -> { - if (pkg.isEmpty()) cls else "$pkg.$cls" - } - } + val label = + if (c.isAnonymousObject) + "{${useAnonymousClass(c).javaResult.id}}" + else + when (val parent = c.parent) { + is IrClass -> { + "${getUnquotedClassLabel(parent, listOf()).classLabel}\$$cls" + } + is IrFunction -> { + "{${useFunction(parent)}}.$cls" + } + is IrField -> { + "{${useField(parent)}}.$cls" + } + else -> { + if (pkg.isEmpty()) cls else "$pkg.$cls" + } + } val reorderedArgs = orderTypeArgsLeftToRight(c, argsIncludingOuterClasses) val typeArgLabels = reorderedArgs?.map { getTypeArgumentLabel(it) } @@ -1417,20 +1421,17 @@ open class KotlinUsesExtractor( "" else typeArgLabels.takeLast(c.typeParameters.size).joinToString(prefix = "<", postfix = ">", separator = ",") { it.shortName } + val shortNamePrefix = if (c.isAnonymousObject) "" else cls return ClassLabelResults( label + (typeArgLabels?.joinToString(separator = "") { ";{${it.id}}" } ?: "<>"), - cls + typeArgsShortName + shortNamePrefix + typeArgsShortName ) } // `args` can be null to describe a raw generic type. // For non-generic types it will be zero-length list. fun getClassLabel(c: IrClass, argsIncludingOuterClasses: List?): ClassLabelResults { - if (c.isAnonymousObject) { - logger.error("Label generation should not be requested for an anonymous class") - } - val unquotedLabel = getUnquotedClassLabel(c, argsIncludingOuterClasses) return ClassLabelResults( "@\"class;${unquotedLabel.classLabel}\"", @@ -1438,10 +1439,6 @@ open class KotlinUsesExtractor( } fun useClassSource(c: IrClass): Label { - if (c.isAnonymousObject) { - return useAnonymousClass(c).javaResult.id.cast() - } - // For source classes, the label doesn't include any type arguments val classTypeResult = addClassLabel(c, listOf()) return classTypeResult.id @@ -1686,8 +1683,11 @@ open class KotlinUsesExtractor( } } - fun useProperty(p: IrProperty, parentId: Label, classTypeArgsIncludingOuterClasses: List?): Label = - tw.getLabelFor(getPropertyLabel(p, parentId, classTypeArgsIncludingOuterClasses)).also { extractPropertyLaterIfExternalFileMember(p) } + fun useProperty(p: IrProperty, parentId: Label, classTypeArgsIncludingOuterClasses: List?) = + tw.getLabelFor(getPropertyLabel(p, parentId, classTypeArgsIncludingOuterClasses)) { + extractPropertyLaterIfExternalFileMember(p) + extractPrivateSpecialisedDeclaration(p, classTypeArgsIncludingOuterClasses) + } fun getEnumEntryLabel(ee: IrEnumEntry): String { val parentId = useDeclarationParent(ee.parent, false) diff --git a/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt new file mode 100644 index 00000000000..8fb8869443e --- /dev/null +++ b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt @@ -0,0 +1,127 @@ +package com.github.codeql + +import com.github.codeql.utils.versions.Psi2Ir +import com.intellij.psi.PsiComment +import com.intellij.psi.PsiElement +import com.intellij.psi.PsiWhiteSpace +import org.jetbrains.kotlin.ir.IrElement +import org.jetbrains.kotlin.ir.declarations.* +import org.jetbrains.kotlin.kdoc.psi.api.KDocElement +import org.jetbrains.kotlin.psi.KtCodeFragment +import org.jetbrains.kotlin.psi.KtVisitor + +class LinesOfCode( + val logger: FileLogger, + val tw: FileTrapWriter, + val file: IrFile +) { + val psi2Ir = Psi2Ir(logger) + + fun linesOfCodeInFile(id: Label) { + val ktFile = psi2Ir.getKtFile(file) + if (ktFile == null) { + return + } + linesOfCodeInPsi(id, ktFile, file) + } + + fun linesOfCodeInDeclaration(d: IrDeclaration, id: Label) { + val p = psi2Ir.findPsiElement(d, file) + if (p == null) { + return + } + linesOfCodeInPsi(id, p, d) + } + + private fun linesOfCodeInPsi(id: Label, root: PsiElement, e: IrElement) { + val document = root.getContainingFile().getViewProvider().getDocument() + if (document == null) { + logger.errorElement("Cannot find document for PSI", e) + tw.writeNumlines(id, 0, 0, 0) + return + } + + val rootRange = root.getTextRange() + val rootFirstLine = document.getLineNumber(rootRange.getStartOffset()) + val rootLastLine = document.getLineNumber(rootRange.getEndOffset()) + if (rootLastLine < rootFirstLine) { + logger.errorElement("PSI ends before it starts", e) + tw.writeNumlines(id, 0, 0, 0) + return + } + val numLines = 1 + rootLastLine - rootFirstLine + val lineContents = Array(numLines) { LineContent() } + + val visitor = + object : KtVisitor() { + override fun visitElement(element: PsiElement) { + val isComment = element is PsiComment + // Comments may include nodes that aren't PsiComments, + // so we don't want to visit them or we'll think they + // are code. + if (!isComment) { + element.acceptChildren(this) + } + + if (element is PsiWhiteSpace) { + return + } + // Leaf nodes are assumed to be tokens, and + // therefore we count any lines that they are on. + // For comments, we actually need to look at the + // outermost node, as the leaves of KDocs don't + // necessarily cover all lines. + if (isComment || element.getChildren().size == 0) { + val range = element.getTextRange() + val startOffset = range.getStartOffset() + val endOffset = range.getEndOffset() + // The PSI doesn't seem to have anything like + // the IR's UNDEFINED_OFFSET and SYNTHETIC_OFFSET, + // but < 0 still seem to represent bad/unknown + // locations. + if (startOffset < 0 || endOffset < 0) { + logger.errorElement("PSI has negative offset", e) + return + } + if (startOffset > endOffset) { + return + } + // We might get e.g. an import list for a file + // with no imports, which claims to have start + // and end offsets of 0. Anything of 0 width + // we therefore just skip. + if (startOffset == endOffset) { + return + } + val firstLine = document.getLineNumber(startOffset) + val lastLine = document.getLineNumber(endOffset) + if (firstLine < rootFirstLine) { + logger.errorElement("PSI element starts before root", e) + return + } else if (lastLine > rootLastLine) { + logger.errorElement("PSI element ends after root", e) + return + } + for (line in firstLine..lastLine) { + val lineContent = lineContents[line - rootFirstLine] + if (isComment) { + lineContent.containsComment = true + } else { + lineContent.containsCode = true + } + } + } + } + } + root.accept(visitor) + val total = lineContents.size + val code = lineContents.count { it.containsCode } + val comment = lineContents.count { it.containsComment } + tw.writeNumlines(id, total, code, comment) + } + + private class LineContent { + var containsComment = false + var containsCode = false + } +} diff --git a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt index eb09685905c..cae3174ecbd 100644 --- a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt @@ -127,12 +127,7 @@ class CommentExtractor(private val fileExtractor: KotlinFileExtractor, private v // local functions are not named globally, so we need to get them from the local function label cache label = "local function ${element.name.asString()}" fileExtractor.getExistingLocallyVisibleFunctionLabel(element) - } else if (element is IrClass && element.isAnonymousObject) { - // anonymous objects are not named globally, so we need to get them from the cache - label = "anonymous class ${element.name.asString()}" - fileExtractor.getExistingAnonymousClassLabel(element) - } - else { + } else { label = getLabelForNamedElement(element) ?: return null tw.getExistingLabelFor(label) } @@ -145,12 +140,7 @@ class CommentExtractor(private val fileExtractor: KotlinFileExtractor, private v private fun getLabelForNamedElement(element: IrElement) : String? { when (element) { - is IrClass -> - return if (element.isAnonymousObject) { - null - } else { - fileExtractor.getClassLabel(element, listOf()).classLabel - } + is IrClass -> return fileExtractor.getClassLabel(element, listOf()).classLabel is IrTypeParameter -> return fileExtractor.getTypeParameterLabel(element) is IrFunction -> { return if (element.isLocalFunction()) { diff --git a/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt b/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt index 428c7dab718..85bbf728b47 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/TypeResults.kt @@ -12,7 +12,7 @@ package com.github.codeql * `shortName` is a Java primitive name (e.g. "int"), a class short name with Java-style type arguments ("InnerClass" or * "OuterClass" or "OtherClass") or an array ("componentShortName[]"). */ -data class TypeResultGeneric(val id: Label, val signature: SignatureType, val shortName: String) { +data class TypeResultGeneric(val id: Label, val signature: SignatureType?, val shortName: String) { fun cast(): TypeResultGeneric { @Suppress("UNCHECKED_CAST") return this as TypeResultGeneric diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected index 183abf9a986..fa16a8a7d81 100644 --- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected +++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.expected @@ -1,2 +1,3 @@ | CodeQL Kotlin extractor | 2 | | IrProperty without a getter | d.kt:0:0:0:0 | d.kt:0:0:0:0 | -| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for: Boolean -1.0-0- -1.0-0-null test-db/trap/java/classes/kotlin/Boolean.members.trap.gz | file://:0:0:0:0 | file://:0:0:0:0 | +| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for test-db/trap/java/classes/java/lang/Boolean.members/Boolean.members--kotlin.trap.gz as it exists | file://:0:0:0:0 | file://:0:0:0:0 | +| CodeQL Kotlin extractor | 2 | | Not rewriting trap file for test-db/trap/java/classes/kotlin/Boolean.members/Boolean.members--null.trap.gz as it exists | file://:0:0:0:0 | file://:0:0:0:0 | diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql index 57ec32bb048..94e2c43d437 100644 --- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql +++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/diagnostics.ql @@ -1,13 +1,14 @@ import java -from string genBy, int severity, string tag, string msg, Location l +from string genBy, int severity, string tag, string msg, string msg2, Location l where diagnostics(_, genBy, severity, tag, msg, _, l) and ( // Different installations get different sets of these messages, // so we filter out all but one that happens everywhere. - msg.matches("Not rewriting trap file for: %") + msg.matches("Not rewriting trap file for %") implies - msg.matches("Not rewriting trap file for: Boolean %") - ) -select genBy, severity, tag, msg, l + msg.matches("Not rewriting trap file for %Boolean.members%") + ) and + msg2 = msg.regexpReplaceAll("#-?[0-9]+\\.-?[0-9]+--?[0-9]+-", "--") +select genBy, severity, tag, msg2, l diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java new file mode 100644 index 00000000000..aa577f6526b --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/libsrc/extlib/A.java @@ -0,0 +1,6 @@ +package extlib; + +public class A { + protected void m() {} +} + diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected new file mode 100644 index 00000000000..459a8d9209d --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.expected @@ -0,0 +1,2 @@ +| extlib.jar/extlib/A.class:0:0:0:0 | m | protected | +| test.kt:4:12:4:22 | m | override, protected | diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt new file mode 100644 index 00000000000..49f233036b4 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.kt @@ -0,0 +1,6 @@ +import extlib.A; + +class B : A() { + override fun m() { } +} + diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py new file mode 100644 index 00000000000..31c641d7013 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.py @@ -0,0 +1,10 @@ +from create_database_utils import * +import glob + +# Compile Java untraced. Note the Java source is hidden under `javasrc` so the Kotlin compiler +# will certainly reference the jar, not the source or class file for extlib.Lib + +os.mkdir('build') +runSuccessfully(["javac"] + glob.glob("libsrc/extlib/*.java") + ["-d", "build"]) +runSuccessfully(["jar", "cf", "extlib.jar", "-C", "build", "extlib"]) +run_codeql_database_create(["kotlinc test.kt -cp extlib.jar"], lang="java") diff --git a/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql new file mode 100644 index 00000000000..3c4cf8ac898 --- /dev/null +++ b/java/ql/integration-tests/posix-only/kotlin/java_modifiers/test.ql @@ -0,0 +1,6 @@ +import java + +query predicate mods(Method m, string modifiers) { + m.getName() = "m" and + modifiers = concat(string s | m.hasModifier(s) | s, ", ") +} diff --git a/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md b/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md new file mode 100644 index 00000000000..db4da90e5e9 --- /dev/null +++ b/java/ql/lib/change-notes/2022-09-29-contentprovider-incomplete-permissions.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Added a new predicate, `hasIncompletePermissions`, in the `AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions. diff --git a/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md b/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md new file mode 100644 index 00000000000..38ce11b96b1 --- /dev/null +++ b/java/ql/lib/change-notes/2022-10-11-modifiable-type-variable.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The class `TypeVariable` now also extends `Modifiable`. diff --git a/java/ql/lib/change-notes/2022-10-13-stream-collect.md b/java/ql/lib/change-notes/2022-10-13-stream-collect.md new file mode 100644 index 00000000000..bd7f6c3e8d4 --- /dev/null +++ b/java/ql/lib/change-notes/2022-10-13-stream-collect.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for common patterns involving `Stream.collect` and common collectors like `Collectors.toList()`. diff --git a/java/ql/lib/config/semmlecode.dbscheme b/java/ql/lib/config/semmlecode.dbscheme index ecb42310286..709f1d1fd04 100644 --- a/java/ql/lib/config/semmlecode.dbscheme +++ b/java/ql/lib/config/semmlecode.dbscheme @@ -1033,7 +1033,7 @@ javadocText( @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | @kt_property; -@modifiable = @member_modifiable| @param | @localvar ; +@modifiable = @member_modifiable| @param | @localvar | @typevariable; @member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; diff --git a/java/ql/lib/semmle/code/java/Generics.qll b/java/ql/lib/semmle/code/java/Generics.qll index 95471437988..54cab14fe40 100644 --- a/java/ql/lib/semmle/code/java/Generics.qll +++ b/java/ql/lib/semmle/code/java/Generics.qll @@ -137,7 +137,7 @@ abstract class BoundedType extends RefType, @boundedtype { * For example, `T` is a type parameter in * `class X { }` and in ` void m() { }`. */ -class TypeVariable extends BoundedType, @typevariable { +class TypeVariable extends BoundedType, Modifiable, @typevariable { /** Gets the generic type that is parameterized by this type parameter, if any. */ GenericType getGenericType() { typeVars(this, _, _, _, result) } diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll index 456e6e8b12a..9aa1f8d31c0 100644 --- a/java/ql/lib/semmle/code/java/Member.qll +++ b/java/ql/lib/semmle/code/java/Member.qll @@ -294,6 +294,48 @@ class Callable extends StmtParent, Member, @callable { constrs(this, _, result, _, _, _) or methods(this, _, result, _, _, _) } + + /** + * Gets this callable's Kotlin proxy that supplies default parameter values, if one exists. + * + * For example, for the Kotlin declaration `fun f(x: Int, y: Int = 0, z: String = "1")`, + * this will get the synthetic proxy method that fills in the default values for `y` and `z` + * if not supplied, and to which the Kotlin extractor dispatches calls to `f` that are missing + * one or more parameter value. Similarly, constructors with one or more default parameter values + * have a corresponding constructor that fills in default values. + */ + Callable getKotlinParameterDefaultsProxy() { + this.getDeclaringType() = result.getDeclaringType() and + exists(int proxyNParams, int extraLeadingParams, RefType lastParamType | + proxyNParams = result.getNumberOfParameters() and + extraLeadingParams = (proxyNParams - this.getNumberOfParameters()) - 2 and + extraLeadingParams >= 0 and + result.getParameterType(proxyNParams - 1) = lastParamType and + result.getParameterType(proxyNParams - 2).(PrimitiveType).hasName("int") and + ( + this instanceof Constructor and + result instanceof Constructor and + extraLeadingParams = 0 and + lastParamType.hasQualifiedName("kotlin.jvm.internal", "DefaultConstructorMarker") + or + this instanceof Method and + result instanceof Method and + this.getName() + "$default" = result.getName() and + extraLeadingParams <= 2 and + lastParamType instanceof TypeObject + ) + | + forall(int paramIdx | paramIdx in [extraLeadingParams .. proxyNParams - 3] | + this.getParameterType(paramIdx - extraLeadingParams).getErasure() = + eraseRaw(result.getParameterType(paramIdx)) + ) + ) + } +} + +/** Gets the erasure of `t1` if it is a raw type, or `t1` itself otherwise. */ +private Type eraseRaw(Type t1) { + if t1 instanceof RawType then result = t1.getErasure() else result = t1 } /** Holds if method `m1` overrides method `m2`. */ diff --git a/java/ql/lib/semmle/code/java/Modifier.qll b/java/ql/lib/semmle/code/java/Modifier.qll index 64c0cd6ec9d..150b65be671 100644 --- a/java/ql/lib/semmle/code/java/Modifier.qll +++ b/java/ql/lib/semmle/code/java/Modifier.qll @@ -67,10 +67,10 @@ abstract class Modifiable extends Element { /** Holds if this element has an `inline` modifier. */ predicate isInline() { this.hasModifier("inline") } - /** Holds if this element has an `noinline` modifier. */ + /** Holds if this element has a `noinline` modifier. */ predicate isNoinline() { this.hasModifier("noinline") } - /** Holds if this element has an `crossinline` modifier. */ + /** Holds if this element has a `crossinline` modifier. */ predicate isCrossinline() { this.hasModifier("crossinline") } /** Holds if this element has a `suspend` modifier. */ @@ -93,4 +93,16 @@ abstract class Modifiable extends Element { /** Holds if this element has a `strictfp` modifier. */ predicate isStrictfp() { this.hasModifier("strictfp") } + + /** Holds if this element has a `lateinit` modifier. */ + predicate isLateinit() { this.hasModifier("lateinit") } + + /** Holds if this element has a `reified` modifier. */ + predicate isReified() { this.hasModifier("reified") } + + /** Holds if this element has an `in` modifier. */ + predicate isIn() { this.hasModifier("in") } + + /** Holds if this element has an `out` modifier. */ + predicate isOut() { this.hasModifier("out") } } diff --git a/java/ql/lib/semmle/code/java/Type.qll b/java/ql/lib/semmle/code/java/Type.qll index b3fb3ce8e88..9a5852d641a 100644 --- a/java/ql/lib/semmle/code/java/Type.qll +++ b/java/ql/lib/semmle/code/java/Type.qll @@ -686,7 +686,7 @@ class SrcRefType extends RefType { /** A class declaration. */ class Class extends ClassOrInterface, @class { /** Holds if this class is an anonymous class. */ - predicate isAnonymous() { isAnonymClass(this, _) } + predicate isAnonymous() { isAnonymClass(this.getSourceDeclaration(), _) } override RefType getSourceDeclaration() { classes(this, _, _, result) } @@ -800,10 +800,13 @@ class AnonymousClass extends NestedClass { } /** Gets the class instance expression where this anonymous class occurs. */ - ClassInstanceExpr getClassInstanceExpr() { isAnonymClass(this, result) } + ClassInstanceExpr getClassInstanceExpr() { isAnonymClass(this.getSourceDeclaration(), result) } override string toString() { - result = "new " + this.getClassInstanceExpr().getTypeName() + "(...) { ... }" + // Include super.toString, i.e. the name given in the database, because for Kotlin anonymous + // classes we can get specialisations of anonymous generic types, and this will supply the + // trailing type arguments. + result = "new " + this.getClassInstanceExpr().getTypeName() + "(...) { ... }" + super.toString() } /** diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index a235f43362d..8460c662d5c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -75,7 +75,7 @@ import java private import semmle.code.java.dataflow.DataFlow::DataFlow private import internal.DataFlowPrivate private import internal.FlowSummaryImpl::Private::External -private import internal.FlowSummaryImplSpecific +private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific private import internal.AccessPathSyntax private import FlowSummary @@ -834,7 +834,7 @@ private module Cached { */ cached predicate sourceNode(Node node, string kind) { - exists(InterpretNode n | isSourceNode(n, kind) and n.asNode() = node) + exists(FlowSummaryImplSpecific::InterpretNode n | isSourceNode(n, kind) and n.asNode() = node) } /** @@ -843,7 +843,7 @@ private module Cached { */ cached predicate sinkNode(Node node, string kind) { - exists(InterpretNode n | isSinkNode(n, kind) and n.asNode() = node) + exists(FlowSummaryImplSpecific::InterpretNode n | isSinkNode(n, kind) and n.asNode() = node) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 1792c2e9f11..ed9b0de165d 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -4,7 +4,6 @@ import java private import internal.FlowSummaryImpl as Impl -private import internal.DataFlowDispatch private import internal.DataFlowUtil // import all instances of SummarizedCallable below @@ -24,6 +23,12 @@ module SummaryComponent { /** Gets a summary component for field `f`. */ SummaryComponent field(Field f) { result = content(any(FieldContent c | c.getField() = f)) } + /** Gets a summary component for `Element`. */ + SummaryComponent element() { result = content(any(CollectionContent c)) } + + /** Gets a summary component for `MapValue`. */ + SummaryComponent mapValue() { result = content(any(MapValueContent c)) } + /** Gets a summary component that represents the return value of a call. */ SummaryComponent return() { result = return(_) } } @@ -42,10 +47,129 @@ module SummaryComponentStack { result = push(SummaryComponent::field(f), object) } + /** Gets a stack representing `Element` of `object`. */ + SummaryComponentStack elementOf(SummaryComponentStack object) { + result = push(SummaryComponent::element(), object) + } + + /** Gets a stack representing `MapValue` of `object`. */ + SummaryComponentStack mapValueOf(SummaryComponentStack object) { + result = push(SummaryComponent::mapValue(), object) + } + /** Gets a singleton stack representing a (normal) return. */ SummaryComponentStack return() { result = singleton(SummaryComponent::return()) } } +/** A synthetic callable with a set of concrete call sites and a flow summary. */ +abstract class SyntheticCallable extends string { + bindingset[this] + SyntheticCallable() { any() } + + /** Gets a call that targets this callable. */ + abstract Call getACall(); + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * See `SummarizedCallable::propagatesFlow` for details. + */ + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + none() + } + + /** + * Gets the type of the parameter at the specified position with -1 indicating + * the instance parameter. If no types are provided then the types default to + * `Object`. + */ + Type getParameterType(int pos) { none() } + + /** + * Gets the return type of this callable. If no type is provided then the type + * defaults to `Object`. + */ + Type getReturnType() { none() } +} + +private newtype TSummarizedCallableBase = + TSimpleCallable(Callable c) { c.isSourceDeclaration() } or + TSyntheticCallable(SyntheticCallable c) + +/** + * A callable that may have a flow summary. This is either a regular `Callable` + * or a `SyntheticCallable`. + */ +class SummarizedCallableBase extends TSummarizedCallableBase { + /** Gets a textual representation of this callable. */ + string toString() { result = this.asCallable().toString() or result = this.asSyntheticCallable() } + + /** Gets the source location for this callable. */ + Location getLocation() { + result = this.asCallable().getLocation() + or + result.hasLocationInfo("", 0, 0, 0, 0) and + this instanceof TSyntheticCallable + } + + /** Gets this callable cast as a `Callable`. */ + Callable asCallable() { this = TSimpleCallable(result) } + + /** Gets this callable cast as a `SyntheticCallable`. */ + SyntheticCallable asSyntheticCallable() { this = TSyntheticCallable(result) } + + /** Gets a call that targets this callable. */ + Call getACall() { + result.getCallee().getSourceDeclaration() = this.asCallable() + or + result = this.asSyntheticCallable().getACall() + } + + /** + * Gets the type of the parameter at the specified position with -1 indicating + * the instance parameter. + */ + Type getParameterType(int pos) { + result = this.asCallable().getParameterType(pos) + or + pos = -1 and result = this.asCallable().getDeclaringType() + or + result = this.asSyntheticCallable().getParameterType(pos) + or + exists(SyntheticCallable sc | sc = this.asSyntheticCallable() | + Impl::Private::summaryParameterNodeRange(this, pos) and + not exists(sc.getParameterType(pos)) and + result instanceof TypeObject + ) + } + + /** Gets the return type of this callable. */ + Type getReturnType() { + result = this.asCallable().getReturnType() + or + exists(SyntheticCallable sc | sc = this.asSyntheticCallable() | + result = sc.getReturnType() + or + not exists(sc.getReturnType()) and + result instanceof TypeObject + ) + } +} + class SummarizedCallable = Impl::Public::SummarizedCallable; +/** + * An adapter class to add the flow summaries specified on `SyntheticCallable` + * to `SummarizedCallable`. + */ +private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable { + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + this.asSyntheticCallable().propagatesFlow(input, output, preservesValue) + } +} + class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack; diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll index a57d1ca32be..22e79a2240d 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll @@ -9,9 +9,7 @@ private import semmle.code.java.dispatch.internal.Unification private module DispatchImpl { private predicate hasHighConfidenceTarget(Call c) { - exists(SummarizedCallable sc | - sc = c.getCallee().getSourceDeclaration() and not sc.isAutoGenerated() - ) + exists(SummarizedCallable sc | sc.getACall() = c and not sc.isAutoGenerated()) or exists(Callable srcTgt | srcTgt = VirtualDispatch::viableCallable(c) and @@ -30,7 +28,7 @@ private module DispatchImpl { DataFlowCallable viableCallable(DataFlowCall c) { result.asCallable() = sourceDispatch(c.asCall()) or - result.asSummarizedCallable() = c.asCall().getCallee().getSourceDeclaration() + result.asSummarizedCallable().getACall() = c.asCall() } /** @@ -144,7 +142,7 @@ private module DispatchImpl { not Unification::failsUnification(t, t2) ) or - result.asSummarizedCallable() = def + result.asSummarizedCallable().getACall() = ma ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll index 9053019a6d0..b5631b26b0b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index e4fc3a01aa5..5c16102b066 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -463,11 +463,7 @@ module Private { c.asSummarizedCallable() = sc and pos = pos_ } - Type getTypeImpl() { - result = sc.getParameter(pos_).getType() - or - pos_ = -1 and result = sc.getDeclaringType() - } + Type getTypeImpl() { result = sc.getParameterType(pos_) } } } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll index d3a833d2438..6888899079c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll @@ -83,6 +83,8 @@ predicate jumpStep(Node node1, Node node2) { or any(AdditionalValueStep a).step(node1, node2) and node1.getEnclosingCallable() != node2.getEnclosingCallable() + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(node1, node2) } /** @@ -241,12 +243,6 @@ class DataFlowCallable extends TDataFlowCallable { Field asFieldScope() { this = TFieldScope(result) } - RefType getDeclaringType() { - result = this.asCallable().getDeclaringType() or - result = this.asSummarizedCallable().getDeclaringType() or - result = this.asFieldScope().getDeclaringType() - } - string toString() { result = this.asCallable().toString() or result = "Synthetic: " + this.asSummarizedCallable().toString() or diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index a13c7cd1224..275569b4c02 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -871,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -894,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll index 1dfca1e6c4c..87cb0dace0e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll @@ -9,12 +9,9 @@ private import DataFlowUtil private import FlowSummaryImpl::Private private import FlowSummaryImpl::Public private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSummary as FlowSummary -private module FlowSummaries { - private import semmle.code.java.dataflow.FlowSummary as F -} - -class SummarizedCallableBase = Callable; +class SummarizedCallableBase = FlowSummary::SummarizedCallableBase; DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() = c } @@ -55,6 +52,12 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { exists(rk) } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { + exists(sg) and + result instanceof TypeObject +} + bindingset[provenance] private boolean isGenerated(string provenance) { provenance = "generated" and result = true @@ -67,14 +70,16 @@ private boolean isGenerated(string provenance) { * `input`, output specification `output`, kind `kind`, and a flag `generated` * stating whether the summary is autogenerated. */ -predicate summaryElement(Callable c, string input, string output, string kind, boolean generated) { +predicate summaryElement( + SummarizedCallableBase c, string input, string output, string kind, boolean generated +) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, string provenance | summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and generated = isGenerated(provenance) and - c = interpretElement(namespace, type, subtypes, name, signature, ext) + c.asCallable() = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -82,11 +87,11 @@ predicate summaryElement(Callable c, string input, string output, string kind, b * Holds if a negative flow summary exists for `c`, which means that there is no * flow through `c`. The flag `generated` states whether the summary is autogenerated. */ -predicate negativeSummaryElement(Callable c, boolean generated) { +predicate negativeSummaryElement(SummarizedCallableBase c, boolean generated) { exists(string namespace, string type, string name, string signature, string provenance | negativeSummaryModel(namespace, type, name, signature, provenance) and generated = isGenerated(provenance) and - c = interpretElement(namespace, type, false, name, signature, "") + c.asCallable() = interpretElement(namespace, type, false, name, signature, "") ) } diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll index 8dbb9bb530e..edeb9e9dccf 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll @@ -304,6 +304,15 @@ class RootdefCallable extends Callable { this.getAnAnnotation() instanceof OverrideAnnotation or this.hasModifier("override") + or + // Exclude generated callables, such as `...$default` ones extracted from Kotlin code. + this.isCompilerGenerated() + or + // Exclude Kotlin serialization constructors. + this.(Constructor) + .getParameterType(this.getNumberOfParameters() - 1) + .(RefType) + .hasQualifiedName("kotlinx.serialization.internal", "SerializationConstructorMarker") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Stream.qll b/java/ql/lib/semmle/code/java/frameworks/Stream.qll index 5f6dcf38f86..0c1347044c5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Stream.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Stream.qll @@ -1,6 +1,101 @@ /** Definitions related to `java.util.stream`. */ private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSummary + +private class CollectCall extends MethodAccess { + CollectCall() { + this.getMethod() + .getSourceDeclaration() + .hasQualifiedName("java.util.stream", "Stream", "collect") + } +} + +private class Collector extends MethodAccess { + Collector() { + this.getMethod().getDeclaringType().hasQualifiedName("java.util.stream", "Collectors") + } + + predicate hasName(string name) { this.getMethod().hasName(name) } +} + +private class CollectToContainer extends SyntheticCallable { + CollectToContainer() { this = "java.util.stream.collect()+Collectors.[toList,...]" } + + override Call getACall() { + result + .(CollectCall) + .getArgument(0) + .(Collector) + .hasName([ + "maxBy", "minBy", "toCollection", "toList", "toSet", "toUnmodifiableList", + "toUnmodifiableSet" + ]) + } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = SummaryComponentStack::elementOf(SummaryComponentStack::return()) and + preservesValue = true + } +} + +private class CollectToJoining extends SyntheticCallable { + CollectToJoining() { this = "java.util.stream.collect()+Collectors.joining" } + + override Call getACall() { result.(CollectCall).getArgument(0).(Collector).hasName("joining") } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = SummaryComponentStack::return() and + preservesValue = false + } + + override Type getReturnType() { result instanceof TypeString } +} + +private class CollectToGroupingBy extends SyntheticCallable { + CollectToGroupingBy() { + this = "java.util.stream.collect()+Collectors.[groupingBy(Function),...]" + } + + override Call getACall() { + exists(Method m | + m = result.(CollectCall).getArgument(0).(Collector).getMethod() and + m.hasName(["groupingBy", "groupingByConcurrent", "partitioningBy"]) and + m.getNumberOfParameters() = 1 + ) + } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + input = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and + output = + SummaryComponentStack::elementOf(SummaryComponentStack::mapValueOf(SummaryComponentStack::return())) and + preservesValue = true + } +} + +private class RequiredComponentStackForCollect extends RequiredSummaryComponentStack { + override predicate required(SummaryComponent head, SummaryComponentStack tail) { + head = SummaryComponent::element() and + tail = SummaryComponentStack::qualifier() + or + head = SummaryComponent::element() and + tail = SummaryComponentStack::return() + or + head = SummaryComponent::element() and + tail = SummaryComponentStack::mapValueOf(SummaryComponentStack::return()) + or + head = SummaryComponent::mapValue() and + tail = SummaryComponentStack::return() + } +} private class StreamModel extends SummaryModelCsv { override predicate row(string s) { @@ -19,7 +114,7 @@ private class StreamModel extends SummaryModelCsv { "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];Argument[2].Parameter[0..1];value;manual", "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[2].Parameter[0..1];Argument[1].Parameter[0];value;manual", "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[-1].Element;Argument[1].Parameter[1];value;manual", - // Missing: collect(Collector collector) + // collect(Collector collector) is handled separately on a case-by-case basis as it is too complex for MaD "java.util.stream;Stream;true;concat;(Stream,Stream);;Argument[0..1].Element;ReturnValue.Element;value;manual", "java.util.stream;Stream;true;distinct;();;Argument[-1].Element;ReturnValue.Element;value;manual", "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll new file mode 100644 index 00000000000..9a12d075e46 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll @@ -0,0 +1,87 @@ +/** Provides classes to reason about vulnerabilites related to content URIs. */ + +import java +private import semmle.code.java.dataflow.TaintTracking +private import semmle.code.java.frameworks.android.Android +private import semmle.code.java.security.PathSanitizer + +/** A URI that gets resolved by a `ContentResolver`. */ +abstract class ContentUriResolutionSink extends DataFlow::Node { } + +/** A sanitizer for content URIs. */ +abstract class ContentUriResolutionSanitizer extends DataFlow::Node { } + +/** + * A unit class for adding additional taint steps to configurations related to + * content URI resolution vulnerabilities. + */ +class ContentUriResolutionAdditionalTaintStep extends Unit { + /** Holds if the step from `node1` to `node2` should be considered an additional taint step. */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); +} + +/** The URI argument of a call to a `ContentResolver` URI-opening method. */ +private class DefaultContentUriResolutionSink extends ContentUriResolutionSink { + DefaultContentUriResolutionSink() { + exists(MethodAccess ma | + ma.getMethod() instanceof UriOpeningContentResolverMethod and + this.asExpr() = ma.getAnArgument() and + this.getType().(RefType).hasQualifiedName("android.net", "Uri") + ) + } +} + +/** A `ContentResolver` method that resolves a URI. */ +private class UriOpeningContentResolverMethod extends Method { + UriOpeningContentResolverMethod() { + this.hasName([ + "openInputStream", "openOutputStream", "openAssetFile", "openAssetFileDescriptor", + "openFile", "openFileDescriptor", "openTypedAssetFile", "openTypedAssetFileDescriptor", + ]) and + this.getDeclaringType() instanceof AndroidContentResolver + } +} + +private class UninterestingTypeSanitizer extends ContentUriResolutionSanitizer { + UninterestingTypeSanitizer() { + this.getType() instanceof BoxedType or + this.getType() instanceof PrimitiveType or + this.getType() instanceof NumberType + } +} + +private class PathSanitizer extends ContentUriResolutionSanitizer instanceof PathInjectionSanitizer { +} + +private class FilenameOnlySanitizer extends ContentUriResolutionSanitizer { + FilenameOnlySanitizer() { + exists(Method m | this.asExpr().(MethodAccess).getMethod() = m | + m.hasQualifiedName("java.io", "File", "getName") or + m.hasQualifiedName("kotlin.io", "FilesKt", ["getNameWithoutExtension", "getExtension"]) or + m.hasQualifiedName("org.apache.commons.io", "FilenameUtils", "getName") + ) + } +} + +/** + * A `ContentUriResolutionSink` that flows to an image-decoding function. + * Such functions raise exceptions when the input is not a valid image, + * which prevents accessing arbitrary non-image files. + */ +private class DecodedAsAnImageSanitizer extends ContentUriResolutionSanitizer { + DecodedAsAnImageSanitizer() { + exists(Argument decodeArg, MethodAccess decode | + decode.getArgument(0) = decodeArg and + decode + .getMethod() + .hasQualifiedName("android.graphics", "BitmapFactory", + [ + "decodeByteArray", "decodeFile", "decodeFileDescriptor", "decodeResource", + "decodeStream" + ]) + | + TaintTracking::localExprTaint(this.(ContentUriResolutionSink).asExpr().(Argument).getCall(), + decodeArg) + ) + } +} diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll new file mode 100644 index 00000000000..b362a5dceeb --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -0,0 +1,24 @@ +/** Provides taint tracking configurations to be used in unsafe content URI resolution queries. */ + +import java +import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.FlowSources +import semmle.code.java.dataflow.TaintTracking +import semmle.code.java.security.UnsafeContentUriResolution + +/** A taint-tracking configuration to find paths from remote sources to content URI resolutions. */ +class UnsafeContentResolutionConf extends TaintTracking::Configuration { + UnsafeContentResolutionConf() { this = "UnsafeContentResolutionConf" } + + override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + + override predicate isSink(DataFlow::Node sink) { sink instanceof ContentUriResolutionSink } + + override predicate isSanitizer(DataFlow::Node sanitizer) { + sanitizer instanceof ContentUriResolutionSanitizer + } + + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + any(ContentUriResolutionAdditionalTaintStep s).step(node1, node2) + } +} diff --git a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll index d006837466b..4a608890249 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll @@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat // // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`. - // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, + // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`, // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. r1 = r2 and q1 = q2 and diff --git a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll index 5112bdad11e..a6e4db6764e 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll @@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) { /** * A lookahead/lookbehind that matches the empty string. */ -class EmptyPositiveSubPatttern extends RegExpSubPattern { - EmptyPositiveSubPatttern() { +class EmptyPositiveSubPattern extends RegExpSubPattern { + EmptyPositiveSubPattern() { ( this instanceof RegExpPositiveLookahead or @@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern { } } +/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */ +deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern; + /** * A branch in a disjunction that is the root node in a literal, or a literal * whose root node is not a disjunction. @@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) { } /** - * Gets a string reperesentation of the flags used with the regular expression. + * Gets a string representation of the flags used with the regular expression. * Only the flags that are relevant for the canonicalization are included. */ string getCanonicalizationFlags(RegExpTerm root) { @@ -334,7 +337,7 @@ private module CharacterClasses { ) } - private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) } + private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) } private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) } @@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) { lbl = Epsilon() and q2 = Accept(getRoot(dollar)) ) or - exists(EmptyPositiveSubPatttern empty | q1 = before(empty) | - lbl = Epsilon() and q2 = after(empty) - ) + exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty)) } /** @@ -1028,7 +1029,7 @@ module ReDoSPruning { * as the suffix "X" will cause both the regular expressions to be rejected. * * The string `w` is repeated any number of times because it needs to be - * infinitely repeatedable for the attack to work. + * infinitely repeatable for the attack to work. * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes. */ diff --git a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll index c818e89ffa6..14a69dc0644 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll @@ -76,7 +76,7 @@ class StateTuple extends TStateTuple { StateTuple() { this = MkStateTuple(q1, q2, q3) } /** - * Gest a string repesentation of this tuple. + * Gest a string representation of this tuple. */ string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" } diff --git a/java/ql/lib/semmle/code/xml/AndroidManifest.qll b/java/ql/lib/semmle/code/xml/AndroidManifest.qll index f53da67a650..c18b32751ed 100644 --- a/java/ql/lib/semmle/code/xml/AndroidManifest.qll +++ b/java/ql/lib/semmle/code/xml/AndroidManifest.qll @@ -180,6 +180,17 @@ class AndroidProviderXmlElement extends AndroidComponentXmlElement { attr.getValue() = "true" ) } + + /** + * Holds if the provider element is only protected by either `android:readPermission` or `android:writePermission`. + */ + predicate hasIncompletePermissions() { + ( + this.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or + this.getAnAttribute().(AndroidPermissionXmlAttribute).isRead() + ) and + not this.requiresPermissions() + } } /** diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme new file mode 100644 index 00000000000..ecb42310286 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/old.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar ; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme new file mode 100644 index 00000000000..709f1d1fd04 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/semmlecode.dbscheme @@ -0,0 +1,1240 @@ +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * javac A.java B.java C.java + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * javac A.java B.java C.java + */ + unique int id : @compilation, + int kind: int ref, + string cwd : string ref, + string name : string ref +); + +case @compilation.kind of + 1 = @javacompilation +| 2 = @kotlincompilation +; + +compilation_started( + int id : @compilation ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--javac-args` + * 2 | A.java + * 3 | B.java + * 4 | C.java + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * javac A.java B.java C.java + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | A.java + * 1 | B.java + * 2 | C.java + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * For each file recorded in `compilation_compiling_files`, + * there will be a corresponding row in + * `compilation_compiling_files_completed` once extraction + * of that file is complete. The `result` will indicate the + * extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +#keyset[id, num] +compilation_compiling_files_completed( + int id : @compilation ref, + int num : int ref, + int result : int ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed + * time (respectively) that the original compilation (not the extraction) + * took for compiler invocation `id`. + */ +compilation_compiler_times( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + * The `result` will indicate the extraction result: + * + * 0: Successfully extracted + * 1: Errors were encountered, but extraction recovered + * 2: Errors were encountered, and extraction could not recover + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref, + int result : int ref +); + +diagnostics( + unique int id: @diagnostic, + string generated_by: string ref, // TODO: Sync this with the other languages? + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/* + * External artifacts + */ + +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +snapshotDate( + unique date snapshotDate : date ref +); + +sourceLocationPrefix( + string prefix : string ref +); + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/* + * SMAP + */ + +smap_header( + int outputFileId: @file ref, + string outputFilename: string ref, + string defaultStratum: string ref +); + +smap_files( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + string inputFileName: string ref, + int inputFileId: @file ref +); + +smap_lines( + int outputFileId: @file ref, + string stratum: string ref, + int inputFileNum: int ref, + int inputStartLine: int ref, + int inputLineCount: int ref, + int outputStartLine: int ref, + int outputLineIncrement: int ref +); + +/* + * Locations and files + */ + +@location = @location_default ; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +hasLocation( + int locatableid: @locatable ref, + int id: @location ref +); + +@sourceline = @locatable ; + +#keyset[element_id] +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/* + * Java + */ + +cupackage( + unique int id: @file ref, + int packageid: @package ref +); + +#keyset[fileid,keyName] +jarManifestMain( + int fileid: @file ref, + string keyName: string ref, + string value: string ref +); + +#keyset[fileid,entryName,keyName] +jarManifestEntries( + int fileid: @file ref, + string entryName: string ref, + string keyName: string ref, + string value: string ref +); + +packages( + unique int id: @package, + string nodeName: string ref +); + +primitives( + unique int id: @primitive, + string nodeName: string ref +); + +modifiers( + unique int id: @modifier, + string nodeName: string ref +); + +/** + * An errortype is used when the extractor is unable to extract a type + * correctly for some reason. + */ +error_type( + unique int id: @errortype +); + +classes( + unique int id: @class, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @class ref +); + +file_class( + int id: @class ref +); + +class_object( + unique int id: @class ref, + unique int instance: @field ref +); + +type_companion_object( + unique int id: @classorinterface ref, + unique int instance: @field ref, + unique int companion_object: @class ref +); + +kt_nullable_types( + unique int id: @kt_nullable_type, + int classid: @reftype ref +) + +kt_notnull_types( + unique int id: @kt_notnull_type, + int classid: @reftype ref +) + +kt_type_alias( + unique int id: @kt_type_alias, + string name: string ref, + int kttypeid: @kt_type ref +) + +@kt_type = @kt_nullable_type | @kt_notnull_type + +isRecord( + unique int id: @class ref +); + +interfaces( + unique int id: @interface, + string nodeName: string ref, + int parentid: @package ref, + int sourceid: @interface ref +); + +fielddecls( + unique int id: @fielddecl, + int parentid: @reftype ref +); + +#keyset[fieldId] #keyset[fieldDeclId,pos] +fieldDeclaredIn( + int fieldId: @field ref, + int fieldDeclId: @fielddecl ref, + int pos: int ref +); + +fields( + unique int id: @field, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @field ref +); + +fieldsKotlinType( + unique int id: @field ref, + int kttypeid: @kt_type ref +); + +constrs( + unique int id: @constructor, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @constructor ref +); + +constrsKotlinType( + unique int id: @constructor ref, + int kttypeid: @kt_type ref +); + +methods( + unique int id: @method, + string nodeName: string ref, + string signature: string ref, + int typeid: @type ref, + int parentid: @reftype ref, + int sourceid: @method ref +); + +methodsKotlinType( + unique int id: @method ref, + int kttypeid: @kt_type ref +); + +#keyset[parentid,pos] +params( + unique int id: @param, + int typeid: @type ref, + int pos: int ref, + int parentid: @callable ref, + int sourceid: @param ref +); + +paramsKotlinType( + unique int id: @param ref, + int kttypeid: @kt_type ref +); + +paramName( + unique int id: @param ref, + string nodeName: string ref +); + +isVarargsParam( + int param: @param ref +); + +exceptions( + unique int id: @exception, + int typeid: @type ref, + int parentid: @callable ref +); + +isAnnotType( + int interfaceid: @interface ref +); + +isAnnotElem( + int methodid: @method ref +); + +annotValue( + int parentid: @annotation ref, + int id2: @method ref, + unique int value: @expr ref +); + +isEnumType( + int classid: @class ref +); + +isEnumConst( + int fieldid: @field ref +); + +#keyset[parentid,pos] +typeVars( + unique int id: @typevariable, + string nodeName: string ref, + int pos: int ref, + int kind: int ref, // deprecated + int parentid: @classorinterfaceorcallable ref +); + +wildcards( + unique int id: @wildcard, + string nodeName: string ref, + int kind: int ref +); + +#keyset[parentid,pos] +typeBounds( + unique int id: @typebound, + int typeid: @reftype ref, + int pos: int ref, + int parentid: @boundedtype ref +); + +#keyset[parentid,pos] +typeArgs( + int argumentid: @reftype ref, + int pos: int ref, + int parentid: @classorinterfaceorcallable ref +); + +isParameterized( + int memberid: @member ref +); + +isRaw( + int memberid: @member ref +); + +erasure( + unique int memberid: @member ref, + int erasureid: @member ref +); + +#keyset[classid] #keyset[parent] +isAnonymClass( + int classid: @class ref, + int parent: @classinstancexpr ref +); + +#keyset[typeid] #keyset[parent] +isLocalClassOrInterface( + int typeid: @classorinterface ref, + int parent: @localtypedeclstmt ref +); + +isDefConstr( + int constructorid: @constructor ref +); + +#keyset[exprId] +lambdaKind( + int exprId: @lambdaexpr ref, + int bodyKind: int ref +); + +arrays( + unique int id: @array, + string nodeName: string ref, + int elementtypeid: @type ref, + int dimension: int ref, + int componenttypeid: @type ref +); + +enclInReftype( + unique int child: @reftype ref, + int parent: @reftype ref +); + +extendsReftype( + int id1: @reftype ref, + int id2: @classorinterface ref +); + +implInterface( + int id1: @classorarray ref, + int id2: @interface ref +); + +permits( + int id1: @classorinterface ref, + int id2: @classorinterface ref +); + +hasModifier( + int id1: @modifiable ref, + int id2: @modifier ref +); + +imports( + unique int id: @import, + int holder: @classorinterfaceorpackage ref, + string name: string ref, + int kind: int ref +); + +#keyset[parent,idx] +stmts( + unique int id: @stmt, + int kind: int ref, + int parent: @stmtparent ref, + int idx: int ref, + int bodydecl: @callable ref +); + +@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr; + +case @stmt.kind of + 0 = @block +| 1 = @ifstmt +| 2 = @forstmt +| 3 = @enhancedforstmt +| 4 = @whilestmt +| 5 = @dostmt +| 6 = @trystmt +| 7 = @switchstmt +| 8 = @synchronizedstmt +| 9 = @returnstmt +| 10 = @throwstmt +| 11 = @breakstmt +| 12 = @continuestmt +| 13 = @emptystmt +| 14 = @exprstmt +| 15 = @labeledstmt +| 16 = @assertstmt +| 17 = @localvariabledeclstmt +| 18 = @localtypedeclstmt +| 19 = @constructorinvocationstmt +| 20 = @superconstructorinvocationstmt +| 21 = @case +| 22 = @catchclause +| 23 = @yieldstmt +| 24 = @errorstmt +| 25 = @whenbranch +; + +#keyset[parent,idx] +exprs( + unique int id: @expr, + int kind: int ref, + int typeid: @type ref, + int parent: @exprparent ref, + int idx: int ref +); + +exprsKotlinType( + unique int id: @expr ref, + int kttypeid: @kt_type ref +); + +callableEnclosingExpr( + unique int id: @expr ref, + int callable_id: @callable ref +); + +statementEnclosingExpr( + unique int id: @expr ref, + int statement_id: @stmt ref +); + +isParenthesized( + unique int id: @expr ref, + int parentheses: int ref +); + +case @expr.kind of + 1 = @arrayaccess +| 2 = @arraycreationexpr +| 3 = @arrayinit +| 4 = @assignexpr +| 5 = @assignaddexpr +| 6 = @assignsubexpr +| 7 = @assignmulexpr +| 8 = @assigndivexpr +| 9 = @assignremexpr +| 10 = @assignandexpr +| 11 = @assignorexpr +| 12 = @assignxorexpr +| 13 = @assignlshiftexpr +| 14 = @assignrshiftexpr +| 15 = @assignurshiftexpr +| 16 = @booleanliteral +| 17 = @integerliteral +| 18 = @longliteral +| 19 = @floatingpointliteral +| 20 = @doubleliteral +| 21 = @characterliteral +| 22 = @stringliteral +| 23 = @nullliteral +| 24 = @mulexpr +| 25 = @divexpr +| 26 = @remexpr +| 27 = @addexpr +| 28 = @subexpr +| 29 = @lshiftexpr +| 30 = @rshiftexpr +| 31 = @urshiftexpr +| 32 = @andbitexpr +| 33 = @orbitexpr +| 34 = @xorbitexpr +| 35 = @andlogicalexpr +| 36 = @orlogicalexpr +| 37 = @ltexpr +| 38 = @gtexpr +| 39 = @leexpr +| 40 = @geexpr +| 41 = @eqexpr +| 42 = @neexpr +| 43 = @postincexpr +| 44 = @postdecexpr +| 45 = @preincexpr +| 46 = @predecexpr +| 47 = @minusexpr +| 48 = @plusexpr +| 49 = @bitnotexpr +| 50 = @lognotexpr +| 51 = @castexpr +| 52 = @newexpr +| 53 = @conditionalexpr +| 54 = @parexpr // deprecated +| 55 = @instanceofexpr +| 56 = @localvariabledeclexpr +| 57 = @typeliteral +| 58 = @thisaccess +| 59 = @superaccess +| 60 = @varaccess +| 61 = @methodaccess +| 62 = @unannotatedtypeaccess +| 63 = @arraytypeaccess +| 64 = @packageaccess +| 65 = @wildcardtypeaccess +| 66 = @declannotation +| 67 = @uniontypeaccess +| 68 = @lambdaexpr +| 69 = @memberref +| 70 = @annotatedtypeaccess +| 71 = @typeannotation +| 72 = @intersectiontypeaccess +| 73 = @switchexpr +| 74 = @errorexpr +| 75 = @whenexpr +| 76 = @getclassexpr +| 77 = @safecastexpr +| 78 = @implicitcastexpr +| 79 = @implicitnotnullexpr +| 80 = @implicitcoerciontounitexpr +| 81 = @notinstanceofexpr +| 82 = @stmtexpr +| 83 = @stringtemplateexpr +| 84 = @notnullexpr +| 85 = @unsafecoerceexpr +| 86 = @valueeqexpr +| 87 = @valueneexpr +| 88 = @propertyref +; + +/** Holds if this `when` expression was written as an `if` expression. */ +when_if(unique int id: @whenexpr ref); + +/** Holds if this `when` branch was written as an `else` branch. */ +when_branch_else(unique int id: @whenbranch ref); + +@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref + +@annotation = @declannotation | @typeannotation +@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess + +@assignment = @assignexpr + | @assignop; + +@unaryassignment = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr; + +@assignop = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + | @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignurshiftexpr; + +@literal = @booleanliteral + | @integerliteral + | @longliteral + | @floatingpointliteral + | @doubleliteral + | @characterliteral + | @stringliteral + | @nullliteral; + +@binaryexpr = @mulexpr + | @divexpr + | @remexpr + | @addexpr + | @subexpr + | @lshiftexpr + | @rshiftexpr + | @urshiftexpr + | @andbitexpr + | @orbitexpr + | @xorbitexpr + | @andlogicalexpr + | @orlogicalexpr + | @ltexpr + | @gtexpr + | @leexpr + | @geexpr + | @eqexpr + | @neexpr + | @valueeqexpr + | @valueneexpr; + +@unaryexpr = @postincexpr + | @postdecexpr + | @preincexpr + | @predecexpr + | @minusexpr + | @plusexpr + | @bitnotexpr + | @lognotexpr + | @notnullexpr; + +@caller = @classinstancexpr + | @methodaccess + | @constructorinvocationstmt + | @superconstructorinvocationstmt; + +callableBinding( + unique int callerid: @caller ref, + int callee: @callable ref +); + +memberRefBinding( + unique int id: @expr ref, + int callable: @callable ref +); + +propertyRefGetBinding( + unique int id: @expr ref, + int getter: @callable ref +); + +propertyRefFieldBinding( + unique int id: @expr ref, + int field: @field ref +); + +propertyRefSetBinding( + unique int id: @expr ref, + int setter: @callable ref +); + +@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable; + +variableBinding( + unique int expr: @varaccess ref, + int variable: @variable ref +); + +@variable = @localscopevariable | @field; + +@localscopevariable = @localvar | @param; + +localvars( + unique int id: @localvar, + string nodeName: string ref, + int typeid: @type ref, + int parentid: @localvariabledeclexpr ref +); + +localvarsKotlinType( + unique int id: @localvar ref, + int kttypeid: @kt_type ref +); + +@namedexprorstmt = @breakstmt + | @continuestmt + | @labeledstmt + | @literal; + +namestrings( + string name: string ref, + string value: string ref, + unique int parent: @namedexprorstmt ref +); + +/* + * Modules + */ + +#keyset[name] +modules( + unique int id: @module, + string name: string ref +); + +isOpen( + int id: @module ref +); + +#keyset[fileId] +cumodule( + int fileId: @file ref, + int moduleId: @module ref +); + +@directive = @requires + | @exports + | @opens + | @uses + | @provides + +#keyset[directive] +directives( + int id: @module ref, + int directive: @directive ref +); + +requires( + unique int id: @requires, + int target: @module ref +); + +isTransitive( + int id: @requires ref +); + +isStatic( + int id: @requires ref +); + +exports( + unique int id: @exports, + int target: @package ref +); + +exportsTo( + int id: @exports ref, + int target: @module ref +); + +opens( + unique int id: @opens, + int target: @package ref +); + +opensTo( + int id: @opens ref, + int target: @module ref +); + +uses( + unique int id: @uses, + string serviceInterface: string ref +); + +provides( + unique int id: @provides, + string serviceInterface: string ref +); + +providesWith( + int id: @provides ref, + string serviceImpl: string ref +); + +/* + * Javadoc + */ + +javadoc( + unique int id: @javadoc +); + +isNormalComment( + int commentid : @javadoc ref +); + +isEolComment( + int commentid : @javadoc ref +); + +hasJavadoc( + int documentableid: @member ref, + int javadocid: @javadoc ref +); + +#keyset[parentid,idx] +javadocTag( + unique int id: @javadocTag, + string name: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +#keyset[parentid,idx] +javadocText( + unique int id: @javadocText, + string text: string ref, + int parentid: @javadocParent ref, + int idx: int ref +); + +@javadocParent = @javadoc | @javadocTag; +@javadocElement = @javadocTag | @javadocText; + +@classorinterface = @interface | @class; +@classorinterfaceorpackage = @classorinterface | @package; +@classorinterfaceorcallable = @classorinterface | @callable; +@boundedtype = @typevariable | @wildcard; +@reftype = @classorinterface | @array | @boundedtype | @errortype; +@classorarray = @class | @array; +@type = @primitive | @reftype; +@callable = @method | @constructor; + +/** A program element that has a name. */ +@element = @package | @modifier | @annotation | @errortype | + @locatableElement; + +@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field | + @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias | + @kt_property; + +@modifiable = @member_modifiable| @param | @localvar | @typevariable; + +@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property; + +@member = @method | @constructor | @field | @reftype ; + +/** A program element that has a location. */ +@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment | + @locatableElement; + +@top = @element | @locatable | @folder; + +/* + * XML Files + */ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +ktComments( + unique int id: @ktcomment, + int kind: int ref, + string text : string ref +) + +ktCommentSections( + unique int id: @ktcommentsection, + int comment: @ktcomment ref, + string content : string ref +) + +ktCommentSectionNames( + unique int id: @ktcommentsection ref, + string name : string ref +) + +ktCommentSectionSubjectNames( + unique int id: @ktcommentsection ref, + string subjectname : string ref +) + +#keyset[id, owner] +ktCommentOwners( + int id: @ktcomment ref, + int owner: @top ref +) + +ktExtensionFunctions( + unique int id: @method ref, + int typeid: @type ref, + int kttypeid: @kt_type ref +) + +ktProperties( + unique int id: @kt_property, + string nodeName: string ref +) + +ktPropertyGetters( + unique int id: @kt_property ref, + int getter: @method ref +) + +ktPropertySetters( + unique int id: @kt_property ref, + int setter: @method ref +) + +ktPropertyBackingFields( + unique int id: @kt_property ref, + int backingField: @field ref +) + +ktSyntheticBody( + unique int id: @callable ref, + int kind: int ref + // 1: ENUM_VALUES + // 2: ENUM_VALUEOF +) + +ktLocalFunction( + unique int id: @method ref +) + +ktInitializerAssignment( + unique int id: @assignexpr ref +) + +ktPropertyDelegates( + unique int id: @kt_property ref, + unique int variableId: @variable ref +) + +/** + * If `id` is a compiler generated element, then the kind indicates the + * reason that the compiler generated it. + * See `Element.compilerGeneratedReason()` for an explanation of what + * each `kind` means. + */ +compiler_generated( + unique int id: @element ref, + int kind: int ref +) + +ktFunctionOriginalNames( + unique int id: @method ref, + string name: string ref +) + +ktDataClasses( + unique int id: @class ref +) diff --git a/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties new file mode 100644 index 00000000000..9d0da86d308 --- /dev/null +++ b/java/ql/lib/upgrades/ecb42310286011ada450ff65b9b417509863549f/upgrade.properties @@ -0,0 +1,2 @@ +description: Make type parameters modifiable +compatibility: backwards diff --git a/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql b/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql index 1ad81badd22..dc73fb8fcdb 100644 --- a/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +++ b/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql @@ -23,6 +23,8 @@ where m.overrides(overridden) and not m.hasModifier("override") and not m.isOverrideAnnotated() and - not exists(FunctionalExpr mref | mref.asMethod() = m) + not exists(FunctionalExpr mref | mref.asMethod() = m) and + // Ignore generated constructs, such as functions extracted from Kotlin code: + not m.isCompilerGenerated() select m, "This method overrides $@; it is advisable to add an Override annotation.", overridden, overridden.getDeclaringType() + "." + overridden.getName() diff --git a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp index 1c32e1cf952..7d4dfcf82a6 100644 --- a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp +++ b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.qhelp @@ -16,7 +16,7 @@ A bean definition is considered to be used if one or more of the following is tr
  • The bean is injected in to a constructor or method of a live bean due to autowiring. This includes autowiring by annotation (@Autowired or @Inject), and autowiring configured by the autowired attribute within bean configuration files.
    • -
  • The bean is explictly loaded from a factory bean. It is not always possible to determine when +
  • The bean is explicitly loaded from a factory bean. It is not always possible to determine when this occurs, because factory beans are loaded using a String value, which may contain arbitrary values.
  • The bean is called reflectively by the Spring framework. For example, if the class is a Spring diff --git a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp index 274eb6b1608..28bdebf85b1 100644 --- a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp +++ b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingShared.inc.qhelp @@ -62,7 +62,7 @@ runtime.

    The code above should be rewritten to both use volatile and finish all initialization before f is updated. Additionally, a local -variable can be used to avoid reading the field more times than neccessary. +variable can be used to avoid reading the field more times than necessary.

    diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp index e3bf61107c4..98a3b8d36da 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp @@ -43,7 +43,7 @@ For example: PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePerm -
  • OSWAP: Insecure Temporary File.
    • +
  • OWASP: Insecure Temporary File.
  • CERT: FIO00-J. Do not operate on files in shared directories.
    •  \ No newline at end of file diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java new file mode 100644 index 00000000000..7a025014c2b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java @@ -0,0 +1,41 @@ +import android.content.ContentResolver; +import android.net.Uri; + +public class Example extends Activity { + public void onCreate() { + // BAD: Externally-provided URI directly used in content resolution + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + // BAD: input URI is not normalized, and check can be bypassed with ".." characters + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + // GOOD: URI is properly validated to block access to internal files + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + InputStream is = contentResolver.openInputStream(uri); + copyToExternalCache(is); + } + } + + private void copyToExternalCache(InputStream is) { + // Reads the contents of is and writes a file in the app's external + // cache directory, which can be read publicly by applications in the same device. + } +} diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp new file mode 100644 index 00000000000..4d9c19f40bd --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp @@ -0,0 +1,49 @@ + + + +

    + When an Android application wants to access data in a content provider, it uses the ContentResolver + object. ContentResolvers communicate with an instance of a class that implements the + ContentProvider interface via URIs with the content:// scheme. + + The authority part (the first path segment) of the URI, passed as parameter to the ContentResolver, + determines which content provider is contacted for the operation. Specific operations that act on files also + support the file:// scheme, in which case the local filesystem is queried instead. + + If an external component, like a malicious or compromised application, controls the URI for a + ContentResolver operation, it can trick the vulnerable application into accessing its own private + files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like + external storage, or tamper with the contents by making the application overwrite the file with unexpected data. +

    +     + +

    + If possible, avoid using externally-provided data to determine the URI for a ContentResolver to use. + If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list + of content providers and/or applications, or alternatively make sure that the URI does not reference private + directories like /data/. +

    +     + +

    + This example shows three ways of opening a file using a ContentResolver. In the first case, externally-provided + data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI + of the form /data/data/(vulnerable app package)/(private file) to trick the application into reading it and + copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still + leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference + any internal application files. +

    + +     + +
  • + Android developers: + Content provider basics +
    • +
  • + The ContentResolver class +
    • +     +     diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql new file mode 100644 index 00000000000..37550d1822b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql @@ -0,0 +1,23 @@ +/** + * @name Uncontrolled data used in content resolution + * @description Resolving externally-provided content URIs without validation can allow an attacker + * to access unexpected resources. + * @kind path-problem + * @problem.severity warning + * @security-severity 7.5 + * @precision high + * @id java/android/unsafe-content-uri-resolution + * @tags security + * external/cwe/cwe-441 + * external/cwe/cwe-610 + */ + +import java +import semmle.code.java.security.UnsafeContentUriResolutionQuery +import DataFlow::PathGraph + +from DataFlow::PathNode src, DataFlow::PathNode sink +where any(UnsafeContentResolutionConf c).hasFlowPath(src, sink) +select sink.getNode(), src, sink, + "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(), + "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp index e489e411379..3fda3697dfa 100644 --- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp +++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp @@ -26,7 +26,7 @@ Otherwise, a third-party application could impersonate the system this way to ca

    -In the onReceive method of a BroadcastReciever, the action of the received Intent should be checked. The following code demonstrates this. +In the onReceive method of a BroadcastReceiver, the action of the received Intent should be checked. The following code demonstrates this.

    diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp new file mode 100644 index 00000000000..5c044d84b5b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp @@ -0,0 +1,58 @@ + + + +

    The Android manifest file specifies the content providers for the application +using provider elements. The provider element +specifies the explicit permissions an application requires in order to access a +resource using that provider. + + You specify the permissions using + the android:readPermission, android:writePermission, + or android:permission attributes. +If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. + For example, if you specify only android:readPermission, the application must have explicit permission to read data, but requires no permission to write data. +

    + +     + + +

    To prevent permission bypass, you should create provider elements that either + specify both the android:readPermission + and android:writePermission attributes, or specify + the android:permission attribute. +

    +     + + + +

    In the following two (bad) examples, the provider is configured with only + read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.

    + + + + + +

    In the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.

    + + + + +     + + +
  • + Android Documentation: + Provider element +
    • +
  • + CVE-2021-41166: Insufficient + permission control in Nextcloud Android app +
    • +
  • + GitHub Security Lab Research: + Insufficient permission control in Nextcloud Android app +
    • +     +     diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql new file mode 100644 index 00000000000..a8c6cb99131 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql @@ -0,0 +1,21 @@ +/** + * @name Missing read or write permission in a content provider + * @description Android content providers which do not configure both read and write permissions can allow permission bypass. + * @kind problem + * @problem.severity warning + * @security-severity 8.2 + * @id java/android/incomplete-provider-permissions + * @tags security + * external/cwe/cwe-926 + * @precision medium + */ + +import java +import semmle.code.xml.AndroidManifest + +from AndroidProviderXmlElement provider +where + not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and + provider.isExported() and + provider.hasIncompletePermissions() +select provider, "Exported provider has incomplete permissions." diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml new file mode 100644 index 00000000000..95dbb0a92f3 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsFull.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml new file mode 100644 index 00000000000..278dbb1bb0b --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadOnly.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml new file mode 100644 index 00000000000..1154c6e7534 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsReadWrite.xml @@ -0,0 +1,13 @@ + + + + + + + diff --git a/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml new file mode 100644 index 00000000000..1428c6f1d03 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissionsWriteOnly.xml @@ -0,0 +1,12 @@ + + + + + + + diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index eaf88555444..c3e11d4b9bc 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -69,7 +69,7 @@ class ExternalApi extends Callable { /** Holds if this API has a supported summary. */ predicate hasSummary() { - this instanceof SummarizedCallable or + this = any(SummarizedCallable sc).asCallable() or TaintTracking::localAdditionalTaintStep(this.getAnInput(), _) } @@ -105,29 +105,40 @@ deprecated class ExternalAPI = ExternalApi; int resultLimit() { result = 1000 } /** - * Holds if the relevant usage count of `api` is `usages`. + * Holds if it is relevant to count usages of `api`. */ -signature predicate relevantUsagesSig(ExternalApi api, int usages); +signature predicate relevantApi(ExternalApi api); /** * Given a predicate to count relevant API usages, this module provides a predicate * for restricting the number or returned results based on a certain limit. */ -module Results { - private int getOrder(ExternalApi api) { - api = - rank[result](ExternalApi a, int usages | - getRelevantUsages(a, usages) +module Results { + private int getUsages(string apiName) { + result = + strictcount(Call c, ExternalApi api | + c.getCallee().getSourceDeclaration() = api and + not c.getFile() instanceof GeneratedFile and + apiName = api.getApiName() and + getRelevantUsages(api) + ) + } + + private int getOrder(string apiInfo) { + apiInfo = + rank[result](string info, int usages | + usages = getUsages(info) | - a order by usages desc, a.getApiName() + info order by usages desc, info ) } /** - * Holds if `api` is being used `usages` times and if it is - * in the top results (guarded by resultLimit). + * Holds if there exists an API with `apiName` that is being used `usages` times + * and if it is in the top results (guarded by resultLimit). */ - predicate restrict(ExternalApi api, int usages) { - getRelevantUsages(api, usages) and getOrder(api) <= resultLimit() + predicate restrict(string apiName, int usages) { + usages = getUsages(apiName) and + getOrder(apiName) <= resultLimit() } } diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql index 26bdc4a4ba3..7593adeed2a 100644 --- a/java/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSink() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.isSink() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/SupportedExternalSources.ql b/java/ql/src/Telemetry/SupportedExternalSources.ql index 3708e6ffbdb..89f9b37cb55 100644 --- a/java/ql/src/Telemetry/SupportedExternalSources.ql +++ b/java/ql/src/Telemetry/SupportedExternalSources.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.isSource() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.isSource() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/SupportedExternalTaint.ql b/java/ql/src/Telemetry/SupportedExternalTaint.ql index f6e651204cf..3f995138812 100644 --- a/java/ql/src/Telemetry/SupportedExternalTaint.ql +++ b/java/ql/src/Telemetry/SupportedExternalTaint.ql @@ -9,16 +9,11 @@ import java import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and - api.hasSummary() and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + api.hasSummary() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql index a6666637f16..16871f87a53 100644 --- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -11,17 +11,12 @@ import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl import semmle.code.java.dataflow.internal.NegativeSummary import ExternalApi -private predicate getRelevantUsages(ExternalApi api, int usages) { +private predicate relevant(ExternalApi api) { not api.isUninteresting() and not api.isSupported() and - not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and - usages = - strictcount(Call c | - c.getCallee().getSourceDeclaration() = api and - not c.getFile() instanceof GeneratedFile - ) + not api = any(FlowSummaryImpl::Public::NegativeSummarizedCallable nsc).asCallable() } -from ExternalApi api, int usages -where Results::restrict(api, usages) -select api.getApiName() as apiname, usages order by usages desc +from string apiName, int usages +where Results::restrict(apiName, usages) +select apiName, usages order by usages desc diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql b/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql index a786facaa1b..faf64b0ae5e 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql @@ -12,6 +12,7 @@ */ import java +private import semmle.code.java.frameworks.android.Compose class VisibleInstanceField extends Field { VisibleInstanceField() { @@ -28,6 +29,8 @@ where masked.getName() = masking.getName() and // Exclude intentional masking. not exists(VarAccess va | va.getVariable() = masked | va.getQualifier() instanceof SuperAccess) and - type.fromSource() + type.fromSource() and + // Exclude live literal variables, which is generated code. + not masking.getInitializer() instanceof LiveLiteral select masking, "This field shadows another field called $@ in a superclass.", masked, masked.getName() diff --git a/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md b/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md new file mode 100644 index 00000000000..21c41265505 --- /dev/null +++ b/java/ql/src/change-notes/2022-08-26-unsafe-content-uri-resolution.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. \ No newline at end of file diff --git a/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md b/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md new file mode 100644 index 00000000000..bdbd092f037 --- /dev/null +++ b/java/ql/src/change-notes/2022-09-29-contentprovider-incomplete-permissions.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions. diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp index dadd20dfdb7..67d348dfdb3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp @@ -8,7 +8,7 @@ including invocation of methods available in the JVM.

    - An unrestricted view name manipulation vulnerability in Spring Framework could lead to attacker-controlled arbitary SpEL expressions being evaluated using attacker-controlled data, which may in turn allow an attacker to run arbitrary code. + An unrestricted view name manipulation vulnerability in Spring Framework could lead to attacker-controlled arbitrary SpEL expressions being evaluated using attacker-controlled data, which may in turn allow an attacker to run arbitrary code.

    Note: two related variants of this problem are detected by different queries, `java/spring-view-manipulation` and `java/spring-view-manipulation-implicit`. The first detects taint flow problems where the return types is always String. While the latter, `java/spring-view-manipulation-implicit` detects cases where the request mapping method has a non-string return type such as void. @@ -19,7 +19,7 @@

    In general, using user input to determine Spring view name should be avoided. If user input must be included in the expression, the controller can be annotated by - a @ReponseBody annotation. In this case, Spring Framework does not interpret + a @ResponseBody annotation. In this case, Spring Framework does not interpret it as a view name, but just returns this string in HTTP Response. The same applies to using a @RestController annotation on a class, as internally it inherits @ResponseBody.

    @@ -31,7 +31,7 @@

    - This can be easily prevented by using the ResponseBody annotation which marks the reponse is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a HttpServletResponse parameter to the method definition as shown in the example below. + This can be easily prevented by using the ResponseBody annotation which marks the response is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a HttpServletResponse parameter to the method definition as shown in the example below.

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp index 2b359faf1ed..9883a64bc7a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.qhelp @@ -23,7 +23,7 @@ then revocation checking is not going to happen.

    -

    An application should not disable the default revocationg checking mechanism +

    An application should not disable the default revocation checking mechanism unless it provides a custom revocation checker.

     diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp index 34240696b4d..6e9225f3b79 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.qhelp @@ -3,14 +3,14 @@

    Transport Layer Security (TLS) provides a number of security features such as -confidentiality, integrity, replay prevention and authenticatin. +confidentiality, integrity, replay prevention and authentication. There are several versions of TLS protocols. The latest is TLS 1.3. Unfortunately, older versions were found to be vulnerable to a number of attacks.

     -

    An application should use TLS 1.3. Currenlty, TLS 1.2 is also considered acceptable.

    +

    An application should use TLS 1.3. Currently, TLS 1.2 is also considered acceptable.

     diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp index b4c66b9ef00..e85a0aef371 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp @@ -3,7 +3,7 @@

    -Allowing users to freely choose the name of a class to instantiate could provide means to attack a vulnerable appplication. +Allowing users to freely choose the name of a class to instantiate could provide means to attack a vulnerable application.

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp index 02ee7d7dab1..67d1a89f8fa 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.qhelp @@ -50,7 +50,7 @@ whose methods use only primitive types and strings:

    -The next example shows how to set a deserilization filter for a remote object: +The next example shows how to set a deserialization filter for a remote object:

    diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialization.java similarity index 100% rename from java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java rename to java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialization.java diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitialization.java similarity index 100% rename from java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java rename to java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitialization.java diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp index c74d5a9d4b4..51e36dc830c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp @@ -6,7 +6,7 @@

    For special use cases some applications may implement a custom service which handles JMX-RMI connections.

    -

    When creating such a custom service, a developer should pass a certain environment configuration to the JMX-RMI server initalisation, +

    When creating such a custom service, a developer should pass a certain environment configuration to the JMX-RMI server initialization, as otherwise the JMX-RMI service is susceptible to an unsafe deserialization vulnerability.

    This is because the JMX-RMI service allows attackers to supply arbitrary objects to the service authentication @@ -41,11 +41,11 @@ For this reason an initialization with a null environment is also v

    The first example shows how an JMX server is initialized securely with the JMXConnectorServerFactory.newJMXConnectorServer() call.

    - +

    The second example shows how a JMX Server is initialized securely if the RMIConnectorServer class is used.

    - +     diff --git a/java/ql/src/utils/model-generator/internal/CaptureModels.qll b/java/ql/src/utils/model-generator/internal/CaptureModels.qll index 82c6fbd1bbb..82ac94c8fc4 100644 --- a/java/ql/src/utils/model-generator/internal/CaptureModels.qll +++ b/java/ql/src/utils/model-generator/internal/CaptureModels.qll @@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) { * A TaintTracking Configuration used for tracking flow through APIs. * The sources are the parameters of the API and the fields of the enclosing type. * - * This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field) + * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) * into an existing known sink (then the API itself becomes a sink). */ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific { diff --git a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected index bee30f893cc..3d2fd34f0f5 100644 --- a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected @@ -676,7 +676,7 @@ generic_anonymous.kt: # 7| 0: [MethodAccess] getMember(...) # 7| -1: [MethodAccess] getX$private(...) # 7| -1: [ThisAccess] this -# 15| 3: [Class,GenericType,ParameterizedType] Outer +# 15| 4: [Class,GenericType,ParameterizedType] Outer #-----| -2: (Generic Parameters) # 15| 0: [TypeVariable] T0 # 15| 6: [Constructor] Outer @@ -944,6 +944,7 @@ local_anonymous.kt: # 21| 1: [Constructor] # 21| 5: [BlockStmt] { ... } # 21| 0: [SuperConstructorInvocationStmt] super(...) +# 21| 0: [IntegerLiteral] 1 # 21| 2: [Method] invoke #-----| 4: (Parameters) # 21| 0: [Parameter] a0 diff --git a/java/ql/test/kotlin/library-tests/classes/superTypes.expected b/java/ql/test/kotlin/library-tests/classes/superTypes.expected index 45043a80817..31b8979e0b3 100644 --- a/java/ql/test/kotlin/library-tests/classes/superTypes.expected +++ b/java/ql/test/kotlin/library-tests/classes/superTypes.expected @@ -68,7 +68,9 @@ extendsOrImplements | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | extends | | file:///SuperChain2.class:0:0:0:0 | SuperChain2 | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | extends | | generic_anonymous.kt:1:1:9:1 | Generic | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:1:1:9:1 | Generic<> | file:///Object.class:0:0:0:0 | Object | extends | | generic_anonymous.kt:3:19:5:3 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | extends | +| generic_anonymous.kt:3:19:5:3 | new Object(...) { ... }<> | file:///Object.class:0:0:0:0 | Object | extends | | generic_anonymous.kt:15:1:33:1 | Outer | file:///Object.class:0:0:0:0 | Object | extends | | generic_anonymous.kt:16:5:18:5 | C0 | file:///Object.class:0:0:0:0 | Object | extends | | generic_anonymous.kt:20:5:22:5 | C1 | file:///Object.class:0:0:0:0 | Object | extends | @@ -154,12 +156,17 @@ extendsOrImplements | file:///C1$Local1.class:0:0:0:0 | Local1 | file:///Object.class:0:0:0:0 | Object | | file:///C1$Local2.class:0:0:0:0 | Local2 | file:///Object.class:0:0:0:0 | Object | | file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | +| file:///Generic.class:0:0:0:0 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | | file:///Generic.class:0:0:0:0 | Generic | file:///Object.class:0:0:0:0 | Object | +| file:///Generic.class:0:0:0:0 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | file:///Object.class:0:0:0:0 | Object | | file:///SuperChain2.class:0:0:0:0 | SuperChain2 | file:///SuperChain1.class:0:0:0:0 | SuperChain1 | | generic_anonymous.kt:1:1:9:1 | Generic | file:///Object.class:0:0:0:0 | Object | +| generic_anonymous.kt:1:1:9:1 | Generic | generic_anonymous.kt:1:1:9:1 | Generic<> | +| generic_anonymous.kt:1:1:9:1 | Generic<> | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:3:19:5:3 | new Object(...) { ... } | file:///Object.class:0:0:0:0 | Object | +| generic_anonymous.kt:3:19:5:3 | new Object(...) { ... }<> | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:15:1:33:1 | Outer | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:25:9:31:9 | | file:///Object.class:0:0:0:0 | Object | | generic_anonymous.kt:26:13:26:37 | new Object(...) { ... } | file:///Outer$C0.class:0:0:0:0 | C0 | diff --git a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected new file mode 100644 index 00000000000..99312685a0e --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected @@ -0,0 +1,84 @@ +test.kt: +# 0| [CompilationUnit] test +# 1| 1: [Interface] Ann +# 1| 1: [Constructor] Ann +#-----| 4: (Parameters) +# 1| 0: [Parameter] arr1 +# 1| 0: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 1: [Parameter] arr2 +# 1| 0: [TypeAccess] int[] +# 1| 5: [BlockStmt] { ... } +# 1| 0: [SuperConstructorInvocationStmt] super(...) +# 1| 1: [BlockStmt] { ... } +# 1| 0: [ExprStmt] ; +# 1| 0: [KtInitializerAssignExpr] ...=... +# 1| 0: [VarAccess] arr1 +# 1| 1: [ExprStmt] ; +# 1| 0: [KtInitializerAssignExpr] ...=... +# 1| 0: [VarAccess] arr2 +# 1| 2: [Constructor] Ann +#-----| 4: (Parameters) +# 1| 0: [Parameter] p0 +# 1| 0: [TypeAccess] String[] +# 1| 1: [Parameter] p1 +# 1| 0: [TypeAccess] int[] +# 1| 2: [Parameter] p2 +# 1| 0: [TypeAccess] int +# 1| 3: [Parameter] p3 +# 1| 0: [TypeAccess] DefaultConstructorMarker +# 1| 5: [BlockStmt] { ... } +# 1| 0: [IfStmt] if (...) +# 1| 0: [EQExpr] ... == ... +# 1| 0: [AndBitwiseExpr] ... & ... +# 1| 0: [IntegerLiteral] 1 +# 1| 1: [VarAccess] p2 +# 1| 1: [IntegerLiteral] 0 +# 1| 1: [ExprStmt] ; +# 1| 0: [AssignExpr] ...=... +# 1| 0: [VarAccess] p0 +# 0| 1: [ArrayCreationExpr] new String[] +# 0| -2: [ArrayInit] {...} +# 0| 0: [StringLiteral] hello +# 0| 1: [StringLiteral] world +# 0| -1: [TypeAccess] String +# 0| 0: [IntegerLiteral] 2 +# 1| 1: [IfStmt] if (...) +# 1| 0: [EQExpr] ... == ... +# 1| 0: [AndBitwiseExpr] ... & ... +# 1| 0: [IntegerLiteral] 2 +# 1| 1: [VarAccess] p2 +# 1| 1: [IntegerLiteral] 0 +# 1| 1: [ExprStmt] ; +# 1| 0: [AssignExpr] ...=... +# 1| 0: [VarAccess] p1 +# 0| 1: [ArrayCreationExpr] new int[] +# 0| -2: [ArrayInit] {...} +# 0| 0: [IntegerLiteral] 1 +# 0| 1: [IntegerLiteral] 2 +# 0| 2: [IntegerLiteral] 3 +# 0| -1: [TypeAccess] int +# 0| 0: [IntegerLiteral] 3 +# 1| 2: [ThisConstructorInvocationStmt] this(...) +# 1| 0: [VarAccess] p0 +# 1| 1: [VarAccess] p1 +# 1| 3: [FieldDeclaration] String[] arr1; +# 1| -1: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 0: [VarAccess] arr1 +# 1| 4: [Method] arr1 +# 1| 3: [TypeAccess] String[] +# 1| 0: [TypeAccess] String +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [VarAccess] this.arr1 +# 1| -1: [ThisAccess] this +# 1| 5: [Method] arr2 +# 1| 3: [TypeAccess] int[] +# 1| 5: [BlockStmt] { ... } +# 1| 0: [ReturnStmt] return ... +# 1| 0: [VarAccess] this.arr2 +# 1| -1: [ThisAccess] this +# 1| 6: [FieldDeclaration] int[] arr2; +# 1| -1: [TypeAccess] int[] +# 1| 0: [VarAccess] arr2 diff --git a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/collection-literals/test.kt b/java/ql/test/kotlin/library-tests/collection-literals/test.kt new file mode 100644 index 00000000000..615b296239a --- /dev/null +++ b/java/ql/test/kotlin/library-tests/collection-literals/test.kt @@ -0,0 +1 @@ +annotation class Ann(val arr1: Array = ["hello", "world"], val arr2: IntArray = [1, 2, 3]) { } diff --git a/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected b/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected index 328d09f836d..a5d2f9c316b 100644 --- a/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected +++ b/java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/javaEquivalent.expected @@ -1,3 +1,11 @@ +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.dec in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.inc in java.lang.Byte | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Byte.toInt in java.lang.Byte | @@ -21,6 +29,22 @@ | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.inc in java.lang.Integer | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.rangeTo in java.lang.Integer | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Int.rangeTo in java.lang.Integer | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.dec in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Long.inc in java.lang.Long | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.dec in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | +| file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.inc in java.lang.Short | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | | file://:0:0:0:0 | Couldn't find a Java equivalent function to kotlin.Short.toInt in java.lang.Short | diff --git a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected index ff98822407b..ccecb3e5c48 100644 --- a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected @@ -2862,6 +2862,14 @@ exprs.kt: # 279| 0: [TypeAccess] int # 279| 1: [Parameter] d # 279| 0: [TypeAccess] double +# 279| 2: [Parameter] b +# 279| 0: [TypeAccess] byte +# 279| 3: [Parameter] s +# 279| 0: [TypeAccess] short +# 279| 4: [Parameter] l +# 279| 0: [TypeAccess] long +# 279| 5: [Parameter] f +# 279| 0: [TypeAccess] float # 279| 5: [BlockStmt] { ... } # 280| 0: [ExprStmt] ; # 280| 0: [ImplicitCoercionToUnitExpr] @@ -2963,6 +2971,306 @@ exprs.kt: # 293| 0: [TypeAccess] Unit # 293| 1: [MethodAccess] dec(...) # 293| -1: [VarAccess] i1 +# 294| 14: [ExprStmt] ; +# 294| 0: [ImplicitCoercionToUnitExpr] +# 294| 0: [TypeAccess] Unit +# 294| 1: [BitNotExpr] ~... +# 294| 0: [VarAccess] i +# 296| 15: [ExprStmt] ; +# 296| 0: [ImplicitCoercionToUnitExpr] +# 296| 0: [TypeAccess] Unit +# 296| 1: [MinusExpr] -... +# 296| 0: [VarAccess] b +# 297| 16: [ExprStmt] ; +# 297| 0: [ImplicitCoercionToUnitExpr] +# 297| 0: [TypeAccess] Unit +# 297| 1: [PlusExpr] +... +# 297| 0: [VarAccess] b +# 298| 17: [LocalVariableDeclStmt] var ...; +# 298| 1: [LocalVariableDeclExpr] b0 +# 298| 0: [IntegerLiteral] 1 +# 299| 18: [LocalVariableDeclStmt] var ...; +# 299| 1: [LocalVariableDeclExpr] b1 +# 299| 0: [IntegerLiteral] 1 +# 300| 19: [ExprStmt] ; +# 300| 0: [ImplicitCoercionToUnitExpr] +# 300| 0: [TypeAccess] Unit +# 300| 1: [StmtExpr] +# 300| 0: [BlockStmt] { ... } +# 300| 0: [LocalVariableDeclStmt] var ...; +# 300| 1: [LocalVariableDeclExpr] tmp2 +# 300| 0: [VarAccess] b0 +# 300| 1: [ExprStmt] ; +# 300| 0: [AssignExpr] ...=... +# 300| 0: [VarAccess] b0 +# 300| 1: [MethodAccess] inc(...) +# 300| -1: [VarAccess] tmp2 +# 300| 2: [ExprStmt] ; +# 300| 0: [VarAccess] tmp2 +# 301| 20: [ExprStmt] ; +# 301| 0: [ImplicitCoercionToUnitExpr] +# 301| 0: [TypeAccess] Unit +# 301| 1: [StmtExpr] +# 301| 0: [BlockStmt] { ... } +# 301| 0: [ExprStmt] ; +# 301| 0: [AssignExpr] ...=... +# 301| 0: [VarAccess] b0 +# 301| 1: [MethodAccess] inc(...) +# 301| -1: [VarAccess] b0 +# 301| 1: [ExprStmt] ; +# 301| 0: [VarAccess] b0 +# 302| 21: [ExprStmt] ; +# 302| 0: [ImplicitCoercionToUnitExpr] +# 302| 0: [TypeAccess] Unit +# 302| 1: [StmtExpr] +# 302| 0: [BlockStmt] { ... } +# 302| 0: [LocalVariableDeclStmt] var ...; +# 302| 1: [LocalVariableDeclExpr] tmp3 +# 302| 0: [VarAccess] b0 +# 302| 1: [ExprStmt] ; +# 302| 0: [AssignExpr] ...=... +# 302| 0: [VarAccess] b0 +# 302| 1: [MethodAccess] dec(...) +# 302| -1: [VarAccess] tmp3 +# 302| 2: [ExprStmt] ; +# 302| 0: [VarAccess] tmp3 +# 303| 22: [ExprStmt] ; +# 303| 0: [ImplicitCoercionToUnitExpr] +# 303| 0: [TypeAccess] Unit +# 303| 1: [StmtExpr] +# 303| 0: [BlockStmt] { ... } +# 303| 0: [ExprStmt] ; +# 303| 0: [AssignExpr] ...=... +# 303| 0: [VarAccess] b0 +# 303| 1: [MethodAccess] dec(...) +# 303| -1: [VarAccess] b0 +# 303| 1: [ExprStmt] ; +# 303| 0: [VarAccess] b0 +# 304| 23: [ExprStmt] ; +# 304| 0: [ImplicitCoercionToUnitExpr] +# 304| 0: [TypeAccess] Unit +# 304| 1: [MethodAccess] inc(...) +# 304| -1: [VarAccess] b0 +# 305| 24: [ExprStmt] ; +# 305| 0: [ImplicitCoercionToUnitExpr] +# 305| 0: [TypeAccess] Unit +# 305| 1: [MethodAccess] dec(...) +# 305| -1: [VarAccess] b0 +# 306| 25: [ExprStmt] ; +# 306| 0: [ImplicitCoercionToUnitExpr] +# 306| 0: [TypeAccess] Unit +# 306| 1: [MethodAccess] inc(...) +# 306| -1: [VarAccess] b1 +# 307| 26: [ExprStmt] ; +# 307| 0: [ImplicitCoercionToUnitExpr] +# 307| 0: [TypeAccess] Unit +# 307| 1: [MethodAccess] dec(...) +# 307| -1: [VarAccess] b1 +# 308| 27: [ExprStmt] ; +# 308| 0: [ImplicitCoercionToUnitExpr] +# 308| 0: [TypeAccess] Unit +# 308| 1: [BitNotExpr] ~... +# 308| 0: [VarAccess] b +# 310| 28: [ExprStmt] ; +# 310| 0: [ImplicitCoercionToUnitExpr] +# 310| 0: [TypeAccess] Unit +# 310| 1: [MinusExpr] -... +# 310| 0: [VarAccess] s +# 311| 29: [ExprStmt] ; +# 311| 0: [ImplicitCoercionToUnitExpr] +# 311| 0: [TypeAccess] Unit +# 311| 1: [PlusExpr] +... +# 311| 0: [VarAccess] s +# 312| 30: [LocalVariableDeclStmt] var ...; +# 312| 1: [LocalVariableDeclExpr] s0 +# 312| 0: [IntegerLiteral] 1 +# 313| 31: [LocalVariableDeclStmt] var ...; +# 313| 1: [LocalVariableDeclExpr] s1 +# 313| 0: [IntegerLiteral] 1 +# 314| 32: [ExprStmt] ; +# 314| 0: [ImplicitCoercionToUnitExpr] +# 314| 0: [TypeAccess] Unit +# 314| 1: [StmtExpr] +# 314| 0: [BlockStmt] { ... } +# 314| 0: [LocalVariableDeclStmt] var ...; +# 314| 1: [LocalVariableDeclExpr] tmp4 +# 314| 0: [VarAccess] s0 +# 314| 1: [ExprStmt] ; +# 314| 0: [AssignExpr] ...=... +# 314| 0: [VarAccess] s0 +# 314| 1: [MethodAccess] inc(...) +# 314| -1: [VarAccess] tmp4 +# 314| 2: [ExprStmt] ; +# 314| 0: [VarAccess] tmp4 +# 315| 33: [ExprStmt] ; +# 315| 0: [ImplicitCoercionToUnitExpr] +# 315| 0: [TypeAccess] Unit +# 315| 1: [StmtExpr] +# 315| 0: [BlockStmt] { ... } +# 315| 0: [ExprStmt] ; +# 315| 0: [AssignExpr] ...=... +# 315| 0: [VarAccess] s0 +# 315| 1: [MethodAccess] inc(...) +# 315| -1: [VarAccess] s0 +# 315| 1: [ExprStmt] ; +# 315| 0: [VarAccess] s0 +# 316| 34: [ExprStmt] ; +# 316| 0: [ImplicitCoercionToUnitExpr] +# 316| 0: [TypeAccess] Unit +# 316| 1: [StmtExpr] +# 316| 0: [BlockStmt] { ... } +# 316| 0: [LocalVariableDeclStmt] var ...; +# 316| 1: [LocalVariableDeclExpr] tmp5 +# 316| 0: [VarAccess] s0 +# 316| 1: [ExprStmt] ; +# 316| 0: [AssignExpr] ...=... +# 316| 0: [VarAccess] s0 +# 316| 1: [MethodAccess] dec(...) +# 316| -1: [VarAccess] tmp5 +# 316| 2: [ExprStmt] ; +# 316| 0: [VarAccess] tmp5 +# 317| 35: [ExprStmt] ; +# 317| 0: [ImplicitCoercionToUnitExpr] +# 317| 0: [TypeAccess] Unit +# 317| 1: [StmtExpr] +# 317| 0: [BlockStmt] { ... } +# 317| 0: [ExprStmt] ; +# 317| 0: [AssignExpr] ...=... +# 317| 0: [VarAccess] s0 +# 317| 1: [MethodAccess] dec(...) +# 317| -1: [VarAccess] s0 +# 317| 1: [ExprStmt] ; +# 317| 0: [VarAccess] s0 +# 318| 36: [ExprStmt] ; +# 318| 0: [ImplicitCoercionToUnitExpr] +# 318| 0: [TypeAccess] Unit +# 318| 1: [MethodAccess] inc(...) +# 318| -1: [VarAccess] s0 +# 319| 37: [ExprStmt] ; +# 319| 0: [ImplicitCoercionToUnitExpr] +# 319| 0: [TypeAccess] Unit +# 319| 1: [MethodAccess] dec(...) +# 319| -1: [VarAccess] s0 +# 320| 38: [ExprStmt] ; +# 320| 0: [ImplicitCoercionToUnitExpr] +# 320| 0: [TypeAccess] Unit +# 320| 1: [MethodAccess] inc(...) +# 320| -1: [VarAccess] s1 +# 321| 39: [ExprStmt] ; +# 321| 0: [ImplicitCoercionToUnitExpr] +# 321| 0: [TypeAccess] Unit +# 321| 1: [MethodAccess] dec(...) +# 321| -1: [VarAccess] s1 +# 322| 40: [ExprStmt] ; +# 322| 0: [ImplicitCoercionToUnitExpr] +# 322| 0: [TypeAccess] Unit +# 322| 1: [BitNotExpr] ~... +# 322| 0: [VarAccess] s +# 324| 41: [ExprStmt] ; +# 324| 0: [ImplicitCoercionToUnitExpr] +# 324| 0: [TypeAccess] Unit +# 324| 1: [MinusExpr] -... +# 324| 0: [VarAccess] l +# 325| 42: [ExprStmt] ; +# 325| 0: [ImplicitCoercionToUnitExpr] +# 325| 0: [TypeAccess] Unit +# 325| 1: [PlusExpr] +... +# 325| 0: [VarAccess] l +# 326| 43: [LocalVariableDeclStmt] var ...; +# 326| 1: [LocalVariableDeclExpr] l0 +# 326| 0: [LongLiteral] 1 +# 327| 44: [LocalVariableDeclStmt] var ...; +# 327| 1: [LocalVariableDeclExpr] l1 +# 327| 0: [LongLiteral] 1 +# 328| 45: [ExprStmt] ; +# 328| 0: [ImplicitCoercionToUnitExpr] +# 328| 0: [TypeAccess] Unit +# 328| 1: [StmtExpr] +# 328| 0: [BlockStmt] { ... } +# 328| 0: [LocalVariableDeclStmt] var ...; +# 328| 1: [LocalVariableDeclExpr] tmp6 +# 328| 0: [VarAccess] l0 +# 328| 1: [ExprStmt] ; +# 328| 0: [AssignExpr] ...=... +# 328| 0: [VarAccess] l0 +# 328| 1: [MethodAccess] inc(...) +# 328| -1: [VarAccess] tmp6 +# 328| 2: [ExprStmt] ; +# 328| 0: [VarAccess] tmp6 +# 329| 46: [ExprStmt] ; +# 329| 0: [ImplicitCoercionToUnitExpr] +# 329| 0: [TypeAccess] Unit +# 329| 1: [StmtExpr] +# 329| 0: [BlockStmt] { ... } +# 329| 0: [ExprStmt] ; +# 329| 0: [AssignExpr] ...=... +# 329| 0: [VarAccess] l0 +# 329| 1: [MethodAccess] inc(...) +# 329| -1: [VarAccess] l0 +# 329| 1: [ExprStmt] ; +# 329| 0: [VarAccess] l0 +# 330| 47: [ExprStmt] ; +# 330| 0: [ImplicitCoercionToUnitExpr] +# 330| 0: [TypeAccess] Unit +# 330| 1: [StmtExpr] +# 330| 0: [BlockStmt] { ... } +# 330| 0: [LocalVariableDeclStmt] var ...; +# 330| 1: [LocalVariableDeclExpr] tmp7 +# 330| 0: [VarAccess] l0 +# 330| 1: [ExprStmt] ; +# 330| 0: [AssignExpr] ...=... +# 330| 0: [VarAccess] l0 +# 330| 1: [MethodAccess] dec(...) +# 330| -1: [VarAccess] tmp7 +# 330| 2: [ExprStmt] ; +# 330| 0: [VarAccess] tmp7 +# 331| 48: [ExprStmt] ; +# 331| 0: [ImplicitCoercionToUnitExpr] +# 331| 0: [TypeAccess] Unit +# 331| 1: [StmtExpr] +# 331| 0: [BlockStmt] { ... } +# 331| 0: [ExprStmt] ; +# 331| 0: [AssignExpr] ...=... +# 331| 0: [VarAccess] l0 +# 331| 1: [MethodAccess] dec(...) +# 331| -1: [VarAccess] l0 +# 331| 1: [ExprStmt] ; +# 331| 0: [VarAccess] l0 +# 332| 49: [ExprStmt] ; +# 332| 0: [ImplicitCoercionToUnitExpr] +# 332| 0: [TypeAccess] Unit +# 332| 1: [MethodAccess] inc(...) +# 332| -1: [VarAccess] l0 +# 333| 50: [ExprStmt] ; +# 333| 0: [ImplicitCoercionToUnitExpr] +# 333| 0: [TypeAccess] Unit +# 333| 1: [MethodAccess] dec(...) +# 333| -1: [VarAccess] l0 +# 334| 51: [ExprStmt] ; +# 334| 0: [ImplicitCoercionToUnitExpr] +# 334| 0: [TypeAccess] Unit +# 334| 1: [MethodAccess] inc(...) +# 334| -1: [VarAccess] l1 +# 335| 52: [ExprStmt] ; +# 335| 0: [ImplicitCoercionToUnitExpr] +# 335| 0: [TypeAccess] Unit +# 335| 1: [MethodAccess] dec(...) +# 335| -1: [VarAccess] l1 +# 336| 53: [ExprStmt] ; +# 336| 0: [ImplicitCoercionToUnitExpr] +# 336| 0: [TypeAccess] Unit +# 336| 1: [BitNotExpr] ~... +# 336| 0: [VarAccess] l +# 338| 54: [ExprStmt] ; +# 338| 0: [ImplicitCoercionToUnitExpr] +# 338| 0: [TypeAccess] Unit +# 338| 1: [PlusExpr] +... +# 338| 0: [VarAccess] f +# 339| 55: [ExprStmt] ; +# 339| 0: [ImplicitCoercionToUnitExpr] +# 339| 0: [TypeAccess] Unit +# 339| 1: [MinusExpr] -... +# 339| 0: [VarAccess] f # 142| 2: [Class] C # 142| 1: [Constructor] C #-----| 4: (Parameters) @@ -4139,6 +4447,7 @@ funcExprs.kt: # 38| 0: [Parameter] # 38| 5: [BlockStmt] { ... } # 38| 0: [SuperConstructorInvocationStmt] super(...) +# 38| 0: [IntegerLiteral] 0 # 38| 1: [ExprStmt] ; # 38| 0: [AssignExpr] ...=... # 38| 0: [VarAccess] this. @@ -4166,6 +4475,7 @@ funcExprs.kt: # 39| 0: [Parameter] # 39| 5: [BlockStmt] { ... } # 39| 0: [SuperConstructorInvocationStmt] super(...) +# 39| 0: [IntegerLiteral] 0 # 39| 1: [ExprStmt] ; # 39| 0: [AssignExpr] ...=... # 39| 0: [VarAccess] this. @@ -4193,6 +4503,7 @@ funcExprs.kt: # 40| 0: [Parameter] # 40| 5: [BlockStmt] { ... } # 40| 0: [SuperConstructorInvocationStmt] super(...) +# 40| 0: [IntegerLiteral] 1 # 40| 1: [ExprStmt] ; # 40| 0: [AssignExpr] ...=... # 40| 0: [VarAccess] this. @@ -4223,6 +4534,7 @@ funcExprs.kt: # 41| 1: [Constructor] # 41| 5: [BlockStmt] { ... } # 41| 0: [SuperConstructorInvocationStmt] super(...) +# 41| 0: [IntegerLiteral] 2 # 41| 2: [Method] invoke #-----| 4: (Parameters) # 41| 0: [Parameter] a0 @@ -4247,6 +4559,7 @@ funcExprs.kt: # 42| 0: [Parameter] # 42| 5: [BlockStmt] { ... } # 42| 0: [SuperConstructorInvocationStmt] super(...) +# 42| 0: [IntegerLiteral] 1 # 42| 1: [ExprStmt] ; # 42| 0: [AssignExpr] ...=... # 42| 0: [VarAccess] this. @@ -4277,6 +4590,7 @@ funcExprs.kt: # 43| 1: [Constructor] # 43| 5: [BlockStmt] { ... } # 43| 0: [SuperConstructorInvocationStmt] super(...) +# 43| 0: [IntegerLiteral] 2 # 43| 2: [Method] invoke #-----| 4: (Parameters) # 43| 0: [Parameter] a0 @@ -4302,6 +4616,7 @@ funcExprs.kt: # 44| 0: [Parameter] # 44| 5: [BlockStmt] { ... } # 44| 0: [SuperConstructorInvocationStmt] super(...) +# 44| 0: [IntegerLiteral] 22 # 44| 1: [ExprStmt] ; # 44| 0: [AssignExpr] ...=... # 44| 0: [VarAccess] this. @@ -4397,6 +4712,7 @@ funcExprs.kt: # 45| 0: [Parameter] # 45| 5: [BlockStmt] { ... } # 45| 0: [SuperConstructorInvocationStmt] super(...) +# 45| 0: [IntegerLiteral] 23 # 45| 1: [ExprStmt] ; # 45| 0: [AssignExpr] ...=... # 45| 0: [VarAccess] this. @@ -4540,6 +4856,7 @@ funcExprs.kt: # 46| 1: [Constructor] # 46| 5: [BlockStmt] { ... } # 46| 0: [SuperConstructorInvocationStmt] super(...) +# 46| 0: [IntegerLiteral] 24 # 46| 2: [Method] invoke #-----| 4: (Parameters) # 46| 0: [Parameter] a0 @@ -4686,6 +5003,7 @@ funcExprs.kt: # 49| 1: [Constructor] # 49| 5: [BlockStmt] { ... } # 49| 0: [SuperConstructorInvocationStmt] super(...) +# 49| 0: [IntegerLiteral] 0 # 49| 2: [Method] invoke # 49| 5: [BlockStmt] { ... } # 49| 0: [ReturnStmt] return ... @@ -4703,6 +5021,7 @@ funcExprs.kt: # 51| 1: [Constructor] # 51| 5: [BlockStmt] { ... } # 51| 0: [SuperConstructorInvocationStmt] super(...) +# 51| 0: [IntegerLiteral] 0 # 51| 2: [Method] invoke # 51| 5: [BlockStmt] { ... } # 51| 0: [ReturnStmt] return ... @@ -5316,6 +5635,7 @@ kFunctionInvoke.kt: # 8| 0: [Parameter] # 8| 5: [BlockStmt] { ... } # 8| 0: [SuperConstructorInvocationStmt] super(...) +# 8| 0: [IntegerLiteral] 1 # 8| 1: [ExprStmt] ; # 8| 0: [AssignExpr] ...=... # 8| 0: [VarAccess] this. @@ -5594,6 +5914,7 @@ samConversion.kt: # 5| 1: [Constructor] # 5| 5: [BlockStmt] { ... } # 5| 0: [SuperConstructorInvocationStmt] super(...) +# 5| 0: [IntegerLiteral] 2 # 5| 2: [Method] invoke #-----| 4: (Parameters) # 5| 0: [Parameter] a0 @@ -5815,6 +6136,7 @@ samConversion.kt: # 41| 1: [Constructor] # 41| 5: [BlockStmt] { ... } # 41| 0: [SuperConstructorInvocationStmt] super(...) +# 41| 0: [IntegerLiteral] 23 # 41| 2: [Method] invoke #-----| 4: (Parameters) # 41| 0: [Parameter] a0 @@ -6432,6 +6754,120 @@ samConversion.kt: # 59| -1: [VarAccess] i0 # 59| 0: [IntegerLiteral] 1 # 59| 1: [IntegerLiteral] 2 +# 74| 6: [Method] propertyRefsTest +# 74| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 74| 0: [Parameter] prt +# 74| 0: [TypeAccess] PropertyRefsTest +# 74| 5: [BlockStmt] { ... } +# 75| 0: [LocalVariableDeclStmt] var ...; +# 75| 1: [LocalVariableDeclExpr] test1 +# 75| 0: [CastExpr] (...)... +# 75| 0: [TypeAccess] IntGetter +# 75| 1: [ClassInstanceExpr] new (...) +# 75| -4: [AnonymousClass] new IntGetter(...) { ... } +# 75| 1: [Constructor] +#-----| 4: (Parameters) +# 75| 0: [Parameter] +# 75| 5: [BlockStmt] { ... } +# 75| 0: [SuperConstructorInvocationStmt] super(...) +# 75| 1: [ExprStmt] ; +# 75| 0: [AssignExpr] ...=... +# 75| 0: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 1: [VarAccess] +# 75| 2: [FieldDeclaration] Function0 ; +# 75| -1: [TypeAccess] Function0 +# 75| 0: [TypeAccess] Integer +# 75| 3: [Method] f +# 75| 3: [TypeAccess] int +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] invoke(...) +# 75| -1: [VarAccess] +# 75| -3: [TypeAccess] IntGetter +# 75| 0: [PropertyRefExpr] ...::... +# 75| -4: [AnonymousClass] new KProperty0(...) { ... } +# 75| 1: [Constructor] +#-----| 4: (Parameters) +# 75| 0: [Parameter] +# 75| 5: [BlockStmt] { ... } +# 75| 0: [SuperConstructorInvocationStmt] super(...) +# 75| 1: [ExprStmt] ; +# 75| 0: [AssignExpr] ...=... +# 75| 0: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 1: [VarAccess] +# 75| 2: [FieldDeclaration] PropertyRefsTest ; +# 75| -1: [TypeAccess] PropertyRefsTest +# 75| 3: [Method] get +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] getX(...) +# 75| -1: [VarAccess] this. +# 75| -1: [ThisAccess] this +# 75| 4: [Method] invoke +# 75| 5: [BlockStmt] { ... } +# 75| 0: [ReturnStmt] return ... +# 75| 0: [MethodAccess] get(...) +# 75| -1: [ThisAccess] this +# 75| -3: [TypeAccess] KProperty0 +# 75| 0: [TypeAccess] Integer +# 75| 0: [VarAccess] prt +# 76| 1: [LocalVariableDeclStmt] var ...; +# 76| 1: [LocalVariableDeclExpr] test2 +# 76| 0: [CastExpr] (...)... +# 76| 0: [TypeAccess] PropertyRefsGetter +# 76| 1: [ClassInstanceExpr] new (...) +# 76| -4: [AnonymousClass] new PropertyRefsGetter(...) { ... } +# 76| 1: [Constructor] +#-----| 4: (Parameters) +# 76| 0: [Parameter] +# 76| 5: [BlockStmt] { ... } +# 76| 0: [SuperConstructorInvocationStmt] super(...) +# 76| 1: [ExprStmt] ; +# 76| 0: [AssignExpr] ...=... +# 76| 0: [VarAccess] this. +# 76| -1: [ThisAccess] this +# 76| 1: [VarAccess] +# 76| 2: [FieldDeclaration] Function1 ; +# 76| -1: [TypeAccess] Function1 +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 1: [TypeAccess] Integer +# 76| 3: [Method] f +# 76| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 76| 0: [Parameter] prt +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] invoke(...) +# 76| -1: [VarAccess] +# 76| 0: [VarAccess] prt +# 76| -3: [TypeAccess] PropertyRefsGetter +# 76| 0: [PropertyRefExpr] ...::... +# 76| -4: [AnonymousClass] new KProperty1(...) { ... } +# 76| 1: [Constructor] +# 76| 5: [BlockStmt] { ... } +# 76| 0: [SuperConstructorInvocationStmt] super(...) +# 76| 2: [Method] get +#-----| 4: (Parameters) +# 76| 0: [Parameter] a0 +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] getX(...) +# 76| -1: [VarAccess] a0 +# 76| 3: [Method] invoke +#-----| 4: (Parameters) +# 76| 0: [Parameter] a0 +# 76| 5: [BlockStmt] { ... } +# 76| 0: [ReturnStmt] return ... +# 76| 0: [MethodAccess] get(...) +# 76| -1: [ThisAccess] this +# 76| 0: [VarAccess] a0 +# 76| -3: [TypeAccess] KProperty1 +# 76| 0: [TypeAccess] PropertyRefsTest +# 76| 1: [TypeAccess] Integer # 16| 2: [Interface] IntPredicate # 17| 1: [Method] accept # 17| 3: [TypeAccess] boolean @@ -6520,6 +6956,32 @@ samConversion.kt: # 54| 0: [TypeAccess] int # 54| 1: [Parameter] j # 54| 0: [TypeAccess] int +# 62| 8: [Class] PropertyRefsTest +# 62| 1: [Constructor] PropertyRefsTest +# 62| 5: [BlockStmt] { ... } +# 62| 0: [SuperConstructorInvocationStmt] super(...) +# 62| 1: [BlockStmt] { ... } +# 63| 0: [ExprStmt] ; +# 63| 0: [KtInitializerAssignExpr] ...=... +# 63| 0: [VarAccess] x +# 63| 2: [Method] getX +# 63| 3: [TypeAccess] int +# 63| 5: [BlockStmt] { ... } +# 63| 0: [ReturnStmt] return ... +# 63| 0: [VarAccess] this.x +# 63| -1: [ThisAccess] this +# 63| 3: [FieldDeclaration] int x; +# 63| -1: [TypeAccess] int +# 63| 0: [IntegerLiteral] 1 +# 66| 9: [Interface] PropertyRefsGetter +# 67| 1: [Method] f +# 67| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 67| 0: [Parameter] prt +# 67| 0: [TypeAccess] PropertyRefsTest +# 70| 10: [Interface] IntGetter +# 71| 1: [Method] f +# 71| 3: [TypeAccess] int whenExpr.kt: # 0| [CompilationUnit] whenExpr # 0| 1: [Class] WhenExprKt diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.expected b/java/ql/test/kotlin/library-tests/exprs/exprs.expected index 3a512670c8a..1b3e8dc9272 100644 --- a/java/ql/test/kotlin/library-tests/exprs/exprs.expected +++ b/java/ql/test/kotlin/library-tests/exprs/exprs.expected @@ -1738,81 +1738,301 @@ | exprs.kt:276:5:276:26 | ExprsKt | exprs.kt:274:1:277:1 | callToEnumValues | TypeAccess | | exprs.kt:276:5:276:26 | Unit | exprs.kt:274:1:277:1 | callToEnumValues | TypeAccess | | exprs.kt:276:5:276:26 | getEnumValues(...) | exprs.kt:274:1:277:1 | callToEnumValues | MethodAccess | -| exprs.kt:279:1:294:1 | Unit | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:1:340:1 | Unit | file://:0:0:0:0 | | TypeAccess | | exprs.kt:279:16:279:21 | int | file://:0:0:0:0 | | TypeAccess | | exprs.kt:279:24:279:32 | double | file://:0:0:0:0 | | TypeAccess | -| exprs.kt:280:5:280:6 | -... | exprs.kt:279:1:294:1 | unaryExprs | MinusExpr | -| exprs.kt:280:5:280:6 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:280:5:280:6 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:280:6:280:6 | i | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:281:5:281:6 | +... | exprs.kt:279:1:294:1 | unaryExprs | PlusExpr | -| exprs.kt:281:5:281:6 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:281:5:281:6 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:281:6:281:6 | i | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:282:5:282:6 | -... | exprs.kt:279:1:294:1 | unaryExprs | MinusExpr | -| exprs.kt:282:5:282:6 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:282:5:282:6 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:282:6:282:6 | d | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:283:5:283:6 | +... | exprs.kt:279:1:294:1 | unaryExprs | PlusExpr | -| exprs.kt:283:5:283:6 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:283:5:283:6 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:283:6:283:6 | d | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:284:5:284:14 | i0 | exprs.kt:279:1:294:1 | unaryExprs | LocalVariableDeclExpr | -| exprs.kt:284:14:284:14 | 1 | exprs.kt:279:1:294:1 | unaryExprs | IntegerLiteral | -| exprs.kt:285:5:285:14 | i1 | exprs.kt:279:1:294:1 | unaryExprs | LocalVariableDeclExpr | -| exprs.kt:285:14:285:14 | 1 | exprs.kt:279:1:294:1 | unaryExprs | IntegerLiteral | -| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:286:5:286:8 | ...=... | exprs.kt:279:1:294:1 | unaryExprs | AssignExpr | -| exprs.kt:286:5:286:8 | | exprs.kt:279:1:294:1 | unaryExprs | StmtExpr | -| exprs.kt:286:5:286:8 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:286:5:286:8 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:286:5:286:8 | inc(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:294:1 | unaryExprs | LocalVariableDeclExpr | -| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:287:5:287:8 | | exprs.kt:279:1:294:1 | unaryExprs | StmtExpr | -| exprs.kt:287:5:287:8 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:287:5:287:8 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:287:5:287:8 | inc(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:287:7:287:8 | ...=... | exprs.kt:279:1:294:1 | unaryExprs | AssignExpr | -| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:288:5:288:8 | ...=... | exprs.kt:279:1:294:1 | unaryExprs | AssignExpr | -| exprs.kt:288:5:288:8 | | exprs.kt:279:1:294:1 | unaryExprs | StmtExpr | -| exprs.kt:288:5:288:8 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:288:5:288:8 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:288:5:288:8 | dec(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:294:1 | unaryExprs | LocalVariableDeclExpr | -| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:289:5:289:8 | | exprs.kt:279:1:294:1 | unaryExprs | StmtExpr | -| exprs.kt:289:5:289:8 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:289:5:289:8 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:289:5:289:8 | dec(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:289:7:289:8 | ...=... | exprs.kt:279:1:294:1 | unaryExprs | AssignExpr | -| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:290:5:290:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:290:8:290:12 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:290:8:290:12 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:290:8:290:12 | inc(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:291:5:291:6 | i0 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:291:8:291:12 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:291:8:291:12 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:291:8:291:12 | dec(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:292:5:292:6 | i1 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:292:8:292:12 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:292:8:292:12 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:292:8:292:12 | inc(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | -| exprs.kt:293:5:293:6 | i1 | exprs.kt:279:1:294:1 | unaryExprs | VarAccess | -| exprs.kt:293:8:293:12 | | exprs.kt:279:1:294:1 | unaryExprs | ImplicitCoercionToUnitExpr | -| exprs.kt:293:8:293:12 | Unit | exprs.kt:279:1:294:1 | unaryExprs | TypeAccess | -| exprs.kt:293:8:293:12 | dec(...) | exprs.kt:279:1:294:1 | unaryExprs | MethodAccess | +| exprs.kt:279:35:279:41 | byte | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:44:279:51 | short | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:54:279:60 | long | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:279:63:279:70 | float | file://:0:0:0:0 | | TypeAccess | +| exprs.kt:280:5:280:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:280:5:280:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:280:5:280:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:280:6:280:6 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:281:5:281:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:281:5:281:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:281:5:281:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:281:6:281:6 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:282:5:282:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:282:5:282:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:282:5:282:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:282:6:282:6 | d | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:283:5:283:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:283:5:283:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:283:5:283:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:283:6:283:6 | d | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:284:5:284:14 | i0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:284:14:284:14 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:285:5:285:14 | i1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:285:14:285:14 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:286:5:286:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:286:5:286:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:286:5:286:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:286:5:286:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:286:5:286:8 | tmp0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:5:287:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:287:5:287:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:287:5:287:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:287:5:287:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:287:7:287:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:287:7:287:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:288:5:288:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:288:5:288:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:288:5:288:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:288:5:288:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:288:5:288:8 | tmp1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:5:289:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:289:5:289:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:289:5:289:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:289:5:289:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:289:7:289:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:289:7:289:8 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:290:5:290:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:290:8:290:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:290:8:290:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:290:8:290:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:291:5:291:6 | i0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:291:8:291:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:291:8:291:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:291:8:291:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:292:5:292:6 | i1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:292:8:292:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:292:8:292:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:292:8:292:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:293:5:293:6 | i1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:293:8:293:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:293:8:293:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:293:8:293:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:294:5:294:5 | i | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:294:7:294:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:294:7:294:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:294:7:294:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:296:5:296:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:296:5:296:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:296:5:296:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:296:6:296:6 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:297:5:297:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:297:5:297:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:297:5:297:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:297:6:297:6 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:298:5:298:20 | b0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:298:20:298:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:299:5:299:20 | b1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:299:20:299:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:300:5:300:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:300:5:300:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:300:5:300:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:300:5:300:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:300:5:300:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:300:5:300:8 | tmp2 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:5:301:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:301:5:301:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:301:5:301:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:301:5:301:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:301:7:301:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:301:7:301:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:302:5:302:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:302:5:302:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:302:5:302:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:302:5:302:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:302:5:302:8 | tmp3 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:5:303:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:303:5:303:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:303:5:303:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:303:5:303:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:303:7:303:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:303:7:303:8 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:304:5:304:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:304:8:304:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:304:8:304:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:304:8:304:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:305:5:305:6 | b0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:305:8:305:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:305:8:305:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:305:8:305:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:306:5:306:6 | b1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:306:8:306:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:306:8:306:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:306:8:306:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:307:5:307:6 | b1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:307:8:307:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:307:8:307:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:307:8:307:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:308:5:308:5 | b | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:308:7:308:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:308:7:308:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:308:7:308:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:310:5:310:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:310:5:310:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:310:5:310:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:310:6:310:6 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:311:5:311:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:311:5:311:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:311:5:311:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:311:6:311:6 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:312:5:312:21 | s0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:312:21:312:21 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:313:5:313:21 | s1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:313:21:313:21 | 1 | exprs.kt:279:1:340:1 | unaryExprs | IntegerLiteral | +| exprs.kt:314:5:314:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:314:5:314:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:314:5:314:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:314:5:314:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:314:5:314:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:314:5:314:8 | tmp4 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:5:315:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:315:5:315:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:315:5:315:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:315:5:315:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:315:7:315:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:315:7:315:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:316:5:316:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:316:5:316:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:316:5:316:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:316:5:316:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:316:5:316:8 | tmp5 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:5:317:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:317:5:317:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:317:5:317:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:317:5:317:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:317:7:317:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:317:7:317:8 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:318:5:318:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:318:8:318:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:318:8:318:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:318:8:318:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:319:5:319:6 | s0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:319:8:319:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:319:8:319:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:319:8:319:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:320:5:320:6 | s1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:320:8:320:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:320:8:320:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:320:8:320:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:321:5:321:6 | s1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:321:8:321:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:321:8:321:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:321:8:321:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:322:5:322:5 | s | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:322:7:322:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:322:7:322:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:322:7:322:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:324:5:324:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:324:5:324:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:324:5:324:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:324:6:324:6 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:325:5:325:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:325:5:325:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:325:5:325:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:325:6:325:6 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:326:5:326:20 | l0 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:326:20:326:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | LongLiteral | +| exprs.kt:327:5:327:20 | l1 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:327:20:327:20 | 1 | exprs.kt:279:1:340:1 | unaryExprs | LongLiteral | +| exprs.kt:328:5:328:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:328:5:328:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:328:5:328:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:328:5:328:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:328:5:328:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:328:5:328:8 | tmp6 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:5:329:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:329:5:329:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:329:5:329:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:329:5:329:8 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:329:7:329:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:329:7:329:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:330:5:330:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:330:5:330:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:330:5:330:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:330:5:330:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | LocalVariableDeclExpr | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:330:5:330:8 | tmp7 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:5:331:8 | | exprs.kt:279:1:340:1 | unaryExprs | StmtExpr | +| exprs.kt:331:5:331:8 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:331:5:331:8 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:331:5:331:8 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:331:7:331:8 | ...=... | exprs.kt:279:1:340:1 | unaryExprs | AssignExpr | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:331:7:331:8 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:332:5:332:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:332:8:332:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:332:8:332:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:332:8:332:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:333:5:333:6 | l0 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:333:8:333:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:333:8:333:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:333:8:333:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:334:5:334:6 | l1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:334:8:334:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:334:8:334:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:334:8:334:12 | inc(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:335:5:335:6 | l1 | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:335:8:335:12 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:335:8:335:12 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:335:8:335:12 | dec(...) | exprs.kt:279:1:340:1 | unaryExprs | MethodAccess | +| exprs.kt:336:5:336:5 | l | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:336:7:336:11 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:336:7:336:11 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:336:7:336:11 | ~... | exprs.kt:279:1:340:1 | unaryExprs | BitNotExpr | +| exprs.kt:338:5:338:6 | +... | exprs.kt:279:1:340:1 | unaryExprs | PlusExpr | +| exprs.kt:338:5:338:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:338:5:338:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:338:6:338:6 | f | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | +| exprs.kt:339:5:339:6 | -... | exprs.kt:279:1:340:1 | unaryExprs | MinusExpr | +| exprs.kt:339:5:339:6 | | exprs.kt:279:1:340:1 | unaryExprs | ImplicitCoercionToUnitExpr | +| exprs.kt:339:5:339:6 | Unit | exprs.kt:279:1:340:1 | unaryExprs | TypeAccess | +| exprs.kt:339:6:339:6 | f | exprs.kt:279:1:340:1 | unaryExprs | VarAccess | | funcExprs.kt:1:1:1:46 | Unit | file://:0:0:0:0 | | TypeAccess | | funcExprs.kt:1:26:1:37 | Function0 | file://:0:0:0:0 | | TypeAccess | | funcExprs.kt:1:26:1:37 | Integer | file://:0:0:0:0 | | TypeAccess | @@ -2487,6 +2707,7 @@ | funcExprs.kt:38:5:38:39 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:38:26:38:34 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:38:26:38:34 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:38:26:38:38 | 0 | funcExprs.kt:38:26:38:38 | | IntegerLiteral | | funcExprs.kt:38:26:38:38 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:38:26:38:38 | ...=... | funcExprs.kt:38:26:38:38 | | AssignExpr | | funcExprs.kt:38:26:38:38 | | funcExprs.kt:38:26:38:38 | | VarAccess | @@ -2501,6 +2722,7 @@ | funcExprs.kt:39:5:39:37 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:39:5:39:37 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:39:26:39:32 | Companion | funcExprs.kt:21:1:52:1 | call | VarAccess | +| funcExprs.kt:39:26:39:36 | 0 | funcExprs.kt:39:26:39:36 | | IntegerLiteral | | funcExprs.kt:39:26:39:36 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:39:26:39:36 | ...=... | funcExprs.kt:39:26:39:36 | | AssignExpr | | funcExprs.kt:39:26:39:36 | | funcExprs.kt:39:26:39:36 | | VarAccess | @@ -2517,6 +2739,7 @@ | funcExprs.kt:40:26:40:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:40:29:40:37 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:40:29:40:37 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:40:29:40:41 | 1 | funcExprs.kt:40:29:40:41 | | IntegerLiteral | | funcExprs.kt:40:29:40:41 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:40:29:40:41 | ...=... | funcExprs.kt:40:29:40:41 | | AssignExpr | | funcExprs.kt:40:29:40:41 | | funcExprs.kt:40:29:40:41 | | VarAccess | @@ -2533,6 +2756,7 @@ | funcExprs.kt:41:5:41:40 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:41:5:41:40 | functionExpression1c(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:41:26:41:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:41:29:41:39 | 2 | funcExprs.kt:41:29:41:39 | | IntegerLiteral | | funcExprs.kt:41:29:41:39 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:41:29:41:39 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:41:29:41:39 | Function2 | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2545,6 +2769,7 @@ | funcExprs.kt:42:5:42:34 | functionExpression1a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:42:26:42:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:42:29:42:29 | 3 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:42:29:42:33 | 1 | funcExprs.kt:42:29:42:33 | | IntegerLiteral | | funcExprs.kt:42:29:42:33 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:42:29:42:33 | ...=... | funcExprs.kt:42:29:42:33 | | AssignExpr | | funcExprs.kt:42:29:42:33 | | funcExprs.kt:42:29:42:33 | | VarAccess | @@ -2562,6 +2787,7 @@ | funcExprs.kt:43:5:43:35 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:43:5:43:35 | functionExpression3(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | | funcExprs.kt:43:25:43:25 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | +| funcExprs.kt:43:28:43:34 | 2 | funcExprs.kt:43:28:43:34 | | IntegerLiteral | | funcExprs.kt:43:28:43:34 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:43:28:43:34 | FuncExprsKt | funcExprs.kt:43:28:43:34 | invoke | TypeAccess | | funcExprs.kt:43:28:43:34 | Function2 | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2576,6 +2802,7 @@ | funcExprs.kt:44:26:44:26 | 5 | funcExprs.kt:21:1:52:1 | call | IntegerLiteral | | funcExprs.kt:44:29:44:37 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:44:29:44:37 | new FuncRef(...) | funcExprs.kt:21:1:52:1 | call | ClassInstanceExpr | +| funcExprs.kt:44:29:44:42 | 22 | funcExprs.kt:44:29:44:42 | | IntegerLiteral | | funcExprs.kt:44:29:44:42 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:44:29:44:42 | ...=... | funcExprs.kt:44:29:44:42 | | AssignExpr | | funcExprs.kt:44:29:44:42 | | funcExprs.kt:44:29:44:42 | | VarAccess | @@ -2659,6 +2886,7 @@ | funcExprs.kt:45:29:45:42 | 20 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | | funcExprs.kt:45:29:45:42 | 21 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | | funcExprs.kt:45:29:45:42 | 22 | funcExprs.kt:45:29:45:42 | invoke | IntegerLiteral | +| funcExprs.kt:45:29:45:42 | 23 | funcExprs.kt:45:29:45:42 | | IntegerLiteral | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | | funcExprs.kt:45:29:45:42 | (...)... | funcExprs.kt:45:29:45:42 | invoke | CastExpr | @@ -2789,6 +3017,7 @@ | funcExprs.kt:46:30:46:41 | 21 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | | funcExprs.kt:46:30:46:41 | 22 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | | funcExprs.kt:46:30:46:41 | 23 | funcExprs.kt:46:30:46:41 | invoke | IntegerLiteral | +| funcExprs.kt:46:30:46:41 | 24 | funcExprs.kt:46:30:46:41 | | IntegerLiteral | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | | funcExprs.kt:46:30:46:41 | (...)... | funcExprs.kt:46:30:46:41 | invoke | CastExpr | @@ -2893,6 +3122,7 @@ | funcExprs.kt:48:24:48:24 | 5 | funcExprs.kt:48:5:48:24 | local | IntegerLiteral | | funcExprs.kt:49:5:49:33 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:49:5:49:33 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | +| funcExprs.kt:49:26:49:32 | 0 | funcExprs.kt:49:26:49:32 | | IntegerLiteral | | funcExprs.kt:49:26:49:32 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:49:26:49:32 | Function0 | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:49:26:49:32 | Integer | funcExprs.kt:21:1:52:1 | call | TypeAccess | @@ -2902,6 +3132,7 @@ | funcExprs.kt:51:5:51:17 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:5:51:17 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:5:51:17 | fn(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess | +| funcExprs.kt:51:8:51:16 | 0 | funcExprs.kt:51:8:51:16 | | IntegerLiteral | | funcExprs.kt:51:8:51:16 | ...::... | funcExprs.kt:21:1:52:1 | call | MemberRefExpr | | funcExprs.kt:51:8:51:16 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess | | funcExprs.kt:51:8:51:16 | FuncRef | funcExprs.kt:51:8:51:16 | invoke | TypeAccess | @@ -3283,6 +3514,7 @@ | kFunctionInvoke.kt:7:18:7:26 | String | file://:0:0:0:0 | | TypeAccess | | kFunctionInvoke.kt:8:5:8:47 | toCall | kFunctionInvoke.kt:7:1:10:1 | useRef | LocalVariableDeclExpr | | kFunctionInvoke.kt:8:44:8:44 | a | kFunctionInvoke.kt:7:1:10:1 | useRef | VarAccess | +| kFunctionInvoke.kt:8:44:8:47 | 1 | kFunctionInvoke.kt:8:44:8:47 | | IntegerLiteral | | kFunctionInvoke.kt:8:44:8:47 | ...::... | kFunctionInvoke.kt:7:1:10:1 | useRef | MemberRefExpr | | kFunctionInvoke.kt:8:44:8:47 | ...=... | kFunctionInvoke.kt:8:44:8:47 | | AssignExpr | | kFunctionInvoke.kt:8:44:8:47 | | kFunctionInvoke.kt:8:44:8:47 | | VarAccess | @@ -3424,6 +3656,7 @@ | samConversion.kt:5:14:5:32 | new (...) | samConversion.kt:1:1:14:1 | main | ClassInstanceExpr | | samConversion.kt:5:14:5:32 | this | samConversion.kt:5:14:5:32 | | ThisAccess | | samConversion.kt:5:14:5:32 | this. | samConversion.kt:5:14:5:32 | | VarAccess | +| samConversion.kt:5:27:5:31 | 2 | samConversion.kt:5:27:5:31 | | IntegerLiteral | | samConversion.kt:5:27:5:31 | ...::... | samConversion.kt:1:1:14:1 | main | MemberRefExpr | | samConversion.kt:5:27:5:31 | Function2 | samConversion.kt:1:1:14:1 | main | TypeAccess | | samConversion.kt:5:27:5:31 | Integer | samConversion.kt:1:1:14:1 | main | TypeAccess | @@ -3592,6 +3825,7 @@ | samConversion.kt:41:13:41:16 | 20 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | | samConversion.kt:41:13:41:16 | 21 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | | samConversion.kt:41:13:41:16 | 22 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral | +| samConversion.kt:41:13:41:16 | 23 | samConversion.kt:41:13:41:16 | | IntegerLiteral | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | | samConversion.kt:41:13:41:16 | (...)... | samConversion.kt:41:13:41:16 | invoke | CastExpr | @@ -4028,6 +4262,72 @@ | samConversion.kt:59:8:59:15 | fn1(...) | samConversion.kt:57:9:60:1 | test | MethodAccess | | samConversion.kt:59:12:59:12 | 1 | samConversion.kt:57:9:60:1 | test | IntegerLiteral | | samConversion.kt:59:14:59:14 | 2 | samConversion.kt:57:9:60:1 | test | IntegerLiteral | +| samConversion.kt:63:5:63:13 | ...=... | samConversion.kt:62:1:64:1 | PropertyRefsTest | KtInitializerAssignExpr | +| samConversion.kt:63:5:63:13 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:63:5:63:13 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:63:5:63:13 | this | samConversion.kt:63:5:63:13 | getX | ThisAccess | +| samConversion.kt:63:5:63:13 | this.x | samConversion.kt:63:5:63:13 | getX | VarAccess | +| samConversion.kt:63:5:63:13 | x | samConversion.kt:62:1:64:1 | PropertyRefsTest | VarAccess | +| samConversion.kt:63:13:63:13 | 1 | samConversion.kt:62:1:64:1 | PropertyRefsTest | IntegerLiteral | +| samConversion.kt:67:5:67:37 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:67:11:67:31 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:71:5:71:16 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:74:1:77:1 | Unit | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:74:22:74:42 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:5:75:33 | test1 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr | +| samConversion.kt:75:17:75:33 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr | +| samConversion.kt:75:17:75:33 | ...=... | samConversion.kt:75:17:75:33 | | AssignExpr | +| samConversion.kt:75:17:75:33 | | samConversion.kt:75:17:75:33 | | VarAccess | +| samConversion.kt:75:17:75:33 | | samConversion.kt:75:17:75:33 | f | VarAccess | +| samConversion.kt:75:17:75:33 | Function0 | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | IntGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:17:75:33 | IntGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:17:75:33 | Integer | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:17:75:33 | invoke(...) | samConversion.kt:75:17:75:33 | f | MethodAccess | +| samConversion.kt:75:17:75:33 | new (...) | samConversion.kt:74:1:77:1 | propertyRefsTest | ClassInstanceExpr | +| samConversion.kt:75:17:75:33 | this | samConversion.kt:75:17:75:33 | | ThisAccess | +| samConversion.kt:75:17:75:33 | this. | samConversion.kt:75:17:75:33 | | VarAccess | +| samConversion.kt:75:27:75:29 | prt | samConversion.kt:74:1:77:1 | propertyRefsTest | VarAccess | +| samConversion.kt:75:27:75:32 | ...::... | samConversion.kt:74:1:77:1 | propertyRefsTest | PropertyRefExpr | +| samConversion.kt:75:27:75:32 | ...=... | samConversion.kt:75:27:75:32 | | AssignExpr | +| samConversion.kt:75:27:75:32 | | samConversion.kt:75:27:75:32 | | VarAccess | +| samConversion.kt:75:27:75:32 | Integer | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:27:75:32 | KProperty0 | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:75:27:75:32 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:75:27:75:32 | get(...) | samConversion.kt:75:27:75:32 | invoke | MethodAccess | +| samConversion.kt:75:27:75:32 | getX(...) | samConversion.kt:75:27:75:32 | get | MethodAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | | ThisAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | get | ThisAccess | +| samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | invoke | ThisAccess | +| samConversion.kt:75:27:75:32 | this. | samConversion.kt:75:27:75:32 | | VarAccess | +| samConversion.kt:75:27:75:32 | this. | samConversion.kt:75:27:75:32 | get | VarAccess | +| samConversion.kt:76:5:76:55 | test2 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr | +| samConversion.kt:76:17:76:55 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr | +| samConversion.kt:76:17:76:55 | ...=... | samConversion.kt:76:17:76:55 | | AssignExpr | +| samConversion.kt:76:17:76:55 | | samConversion.kt:76:17:76:55 | | VarAccess | +| samConversion.kt:76:17:76:55 | | samConversion.kt:76:17:76:55 | f | VarAccess | +| samConversion.kt:76:17:76:55 | Function1 | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | Integer | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsGetter | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | PropertyRefsTest | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | int | file://:0:0:0:0 | | TypeAccess | +| samConversion.kt:76:17:76:55 | invoke(...) | samConversion.kt:76:17:76:55 | f | MethodAccess | +| samConversion.kt:76:17:76:55 | new (...) | samConversion.kt:74:1:77:1 | propertyRefsTest | ClassInstanceExpr | +| samConversion.kt:76:17:76:55 | prt | samConversion.kt:76:17:76:55 | f | VarAccess | +| samConversion.kt:76:17:76:55 | this | samConversion.kt:76:17:76:55 | | ThisAccess | +| samConversion.kt:76:17:76:55 | this. | samConversion.kt:76:17:76:55 | | VarAccess | +| samConversion.kt:76:36:76:54 | ...::... | samConversion.kt:74:1:77:1 | propertyRefsTest | PropertyRefExpr | +| samConversion.kt:76:36:76:54 | Integer | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | KProperty1 | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | PropertyRefsTest | samConversion.kt:74:1:77:1 | propertyRefsTest | TypeAccess | +| samConversion.kt:76:36:76:54 | a0 | samConversion.kt:76:36:76:54 | get | VarAccess | +| samConversion.kt:76:36:76:54 | a0 | samConversion.kt:76:36:76:54 | invoke | VarAccess | +| samConversion.kt:76:36:76:54 | get(...) | samConversion.kt:76:36:76:54 | invoke | MethodAccess | +| samConversion.kt:76:36:76:54 | getX(...) | samConversion.kt:76:36:76:54 | get | MethodAccess | +| samConversion.kt:76:36:76:54 | this | samConversion.kt:76:36:76:54 | invoke | ThisAccess | | whenExpr.kt:1:1:9:1 | int | file://:0:0:0:0 | | TypeAccess | | whenExpr.kt:1:14:1:19 | int | file://:0:0:0:0 | | TypeAccess | | whenExpr.kt:2:10:8:3 | | whenExpr.kt:1:1:9:1 | testWhen | StmtExpr | diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.kt b/java/ql/test/kotlin/library-tests/exprs/exprs.kt index 97d0131321f..94d4954a3e0 100644 --- a/java/ql/test/kotlin/library-tests/exprs/exprs.kt +++ b/java/ql/test/kotlin/library-tests/exprs/exprs.kt @@ -1,6 +1,6 @@ import java.awt.Polygon import java.awt.Rectangle - +import kotlin.experimental.inv fun topLevelMethod(x: Int, y: Int, byx: Byte, byy: Byte, sx: Short, sy: Short, @@ -276,7 +276,7 @@ fun callToEnumValues() { getEnumValues() } -fun unaryExprs(i: Int, d: Double) { +fun unaryExprs(i: Int, d: Double, b: Byte, s: Short, l: Long, f: Float) { -i +i -d @@ -291,4 +291,50 @@ fun unaryExprs(i: Int, d: Double) { i0.dec() i1.inc() i1.dec() + i.inv() + + -b + +b + var b0: Byte = 1 + val b1: Byte = 1 + b0++ + ++b0 + b0-- + --b0 + b0.inc() + b0.dec() + b1.inc() + b1.dec() + b.inv() + + -s + +s + var s0: Short = 1 + val s1: Short = 1 + s0++ + ++s0 + s0-- + --s0 + s0.inc() + s0.dec() + s1.inc() + s1.dec() + s.inv() + + -l + +l + var l0: Long = 1 + val l1: Long = 1 + l0++ + ++l0 + l0-- + --l0 + l0.inc() + l0.dec() + l1.inc() + l1.dec() + l.inv() + + +f + -f } diff --git a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected index 7e636762d16..250829dd507 100644 --- a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected +++ b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected @@ -241,6 +241,12 @@ anon_class_member_modifiers | samConversion.kt:46:32:46:44 | new Function1(...) { ... } | samConversion.kt:46:32:46:44 | invoke | override, public | | samConversion.kt:58:14:58:45 | new InterfaceFn1Sus(...) { ... } | samConversion.kt:58:14:58:45 | fn1 | override, public, suspend | | samConversion.kt:58:30:58:45 | new Function2(...) { ... } | samConversion.kt:58:30:58:45 | invoke | override, public, suspend | +| samConversion.kt:75:17:75:33 | new IntGetter(...) { ... } | samConversion.kt:75:17:75:33 | f | override, public | +| samConversion.kt:75:27:75:32 | new KProperty0(...) { ... } | samConversion.kt:75:27:75:32 | get | override, public | +| samConversion.kt:75:27:75:32 | new KProperty0(...) { ... } | samConversion.kt:75:27:75:32 | invoke | override, public | +| samConversion.kt:76:17:76:55 | new PropertyRefsGetter(...) { ... } | samConversion.kt:76:17:76:55 | f | override, public | +| samConversion.kt:76:36:76:54 | new KProperty1(...) { ... } | samConversion.kt:76:36:76:54 | get | override, public | +| samConversion.kt:76:36:76:54 | new KProperty1(...) { ... } | samConversion.kt:76:36:76:54 | invoke | override, public | nonOverrideInvoke | funcExprs.kt:36:29:36:117 | ...->... | funcExprs.kt:36:29:36:117 | invoke | 23 | | funcExprs.kt:90:15:90:69 | ...->... | funcExprs.kt:90:15:90:69 | invoke | 23 | diff --git a/java/ql/test/kotlin/library-tests/exprs/samConversion.kt b/java/ql/test/kotlin/library-tests/exprs/samConversion.kt index 2856f839778..1952ab342c9 100644 --- a/java/ql/test/kotlin/library-tests/exprs/samConversion.kt +++ b/java/ql/test/kotlin/library-tests/exprs/samConversion.kt @@ -58,3 +58,20 @@ suspend fun test() { val i0 = InterfaceFn1Sus { a, b -> Unit } i0.fn1(1,2) } + +class PropertyRefsTest { + val x = 1 +} + +fun interface PropertyRefsGetter { + fun f(prt: PropertyRefsTest): Int +} + +fun interface IntGetter { + fun f(): Int +} + +fun propertyRefsTest(prt: PropertyRefsTest) { + val test1 = IntGetter(prt::x) + val test2 = PropertyRefsGetter(PropertyRefsTest::x) +} diff --git a/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected b/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected index 8000df1d009..452828db6ae 100644 --- a/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected +++ b/java/ql/test/kotlin/library-tests/exprs/unaryOp.expected @@ -9,3 +9,15 @@ | exprs.kt:281:5:281:6 | +... | exprs.kt:281:6:281:6 | i | | exprs.kt:282:5:282:6 | -... | exprs.kt:282:6:282:6 | d | | exprs.kt:283:5:283:6 | +... | exprs.kt:283:6:283:6 | d | +| exprs.kt:294:7:294:11 | ~... | exprs.kt:294:5:294:5 | i | +| exprs.kt:296:5:296:6 | -... | exprs.kt:296:6:296:6 | b | +| exprs.kt:297:5:297:6 | +... | exprs.kt:297:6:297:6 | b | +| exprs.kt:308:7:308:11 | ~... | exprs.kt:308:5:308:5 | b | +| exprs.kt:310:5:310:6 | -... | exprs.kt:310:6:310:6 | s | +| exprs.kt:311:5:311:6 | +... | exprs.kt:311:6:311:6 | s | +| exprs.kt:322:7:322:11 | ~... | exprs.kt:322:5:322:5 | s | +| exprs.kt:324:5:324:6 | -... | exprs.kt:324:6:324:6 | l | +| exprs.kt:325:5:325:6 | +... | exprs.kt:325:6:325:6 | l | +| exprs.kt:336:7:336:11 | ~... | exprs.kt:336:5:336:5 | l | +| exprs.kt:338:5:338:6 | +... | exprs.kt:338:6:338:6 | f | +| exprs.kt:339:5:339:6 | -... | exprs.kt:339:6:339:6 | f | diff --git a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected index b80b1311a64..7273e61ba4d 100644 --- a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected +++ b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.expected @@ -5,33 +5,34 @@ calls | Test.java:23:5:23:25 | getter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | getter | Generic2.class:0:0:0:0 | Generic2 | | Test.java:26:5:26:35 | setter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | setter | Generic2.class:0:0:0:0 | Generic2 | | Test.java:27:5:27:24 | getter(...) | Test.java:16:22:16:25 | user | Test.java:14:14:14:17 | Test | Generic2.class:0:0:0:0 | getter | Generic2.class:0:0:0:0 | Generic2 | -| test.kt:5:32:5:46 | identity(...) | test.kt:5:3:5:46 | identity2 | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | test.kt:1:1:10:1 | Generic | -| test.kt:7:21:7:26 | getStored(...) | test.kt:7:3:7:26 | getter | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | test.kt:1:1:10:1 | Generic | -| test.kt:8:26:8:31 | setStored(...) | test.kt:8:3:8:41 | setter | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | test.kt:1:1:10:1 | Generic | -| test.kt:15:13:15:35 | identity(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:16:13:16:36 | identity2(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:19:16:19:23 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | -| test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:5:32:5:46 | identity(...) | test.kt:5:3:5:46 | identity2 | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | test.kt:1:1:13:1 | Generic | +| test.kt:7:21:7:26 | getStored(...) | test.kt:7:3:7:26 | getter | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | test.kt:1:1:13:1 | Generic | +| test.kt:8:26:8:31 | setStored(...) | test.kt:8:3:8:41 | setter | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | test.kt:1:1:13:1 | Generic | +| test.kt:11:47:11:70 | privateid(...) | test.kt:11:3:11:70 | callPrivateId | test.kt:1:1:13:1 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | privateid | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:18:13:18:35 | identity(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:19:13:19:36 | identity2(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:22:16:22:23 | getter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:25:15:25:33 | setter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:26:15:26:22 | getter(...) | test.kt:15:1:28:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | constructors | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2() | | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | Generic2 | Generic2(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | -| test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | Generic(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:1:1:10:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | Generic(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | +| test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | Generic(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:1:1:13:1 | Generic | constructorCalls | Test.java:18:34:18:68 | new Generic2(...) | Generic2.class:0:0:0:0 | Generic2 | -| test.kt:14:19:14:48 | new Generic(...) | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | +| test.kt:17:19:17:48 | new Generic(...) | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | refTypes | Test.java:1:7:1:14 | Generic2 | | Test.java:1:16:1:16 | T | | Test.java:14:14:14:17 | Test | | test.kt:0:0:0:0 | TestKt | -| test.kt:1:1:10:1 | Generic | +| test.kt:1:1:13:1 | Generic | | test.kt:1:15:1:15 | T | #select | Generic2.class:0:0:0:0 | Generic2 | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | @@ -51,28 +52,34 @@ refTypes | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | getter() | No parameters | T | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | setter(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | | Test.java:14:14:14:17 | Test | Test.java:16:22:16:25 | user | user() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:16:22:16:25 | user | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.Void) | Void | String | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.Void) | Void | String | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.Void) | Void | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | Object | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | Object | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | -| test.kt:0:0:0:0 | TestKt | test.kt:12:1:25:1 | user | user() | No parameters | void | test.kt:0:0:0:0 | TestKt | test.kt:12:1:25:1 | user | -| test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | getStored() | No parameters | T | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | getStored | -| test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | setStored(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:3:3:3:19 | setStored | -| test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | identity2(java.lang.Object) | T | T | test.kt:1:1:10:1 | Generic | test.kt:5:3:5:46 | identity2 | -| test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | identity(java.lang.Object) | T | T | test.kt:1:1:10:1 | Generic | test.kt:6:3:6:35 | identity | -| test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | getter() | No parameters | T | test.kt:1:1:10:1 | Generic | test.kt:7:3:7:26 | getter | -| test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | setter(java.lang.Object) | T | void | test.kt:1:1:10:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.Void) | Void | String | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.Void) | Void | String | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.Void) | Void | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | Object | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | Object | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getStored | getStored() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | getter() | No parameters | String | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | privateid | privateid(java.lang.String) | String | String | test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setStored | setStored(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| test.kt:0:0:0:0 | TestKt | test.kt:15:1:28:1 | user | user() | No parameters | void | test.kt:0:0:0:0 | TestKt | test.kt:15:1:28:1 | user | +| test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | getStored() | No parameters | T | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | getStored | +| test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | setStored(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:3:3:3:19 | setStored | +| test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | identity2(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:5:3:5:46 | identity2 | +| test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | identity(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:6:3:6:35 | identity | +| test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | getter() | No parameters | T | test.kt:1:1:13:1 | Generic | test.kt:7:3:7:26 | getter | +| test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | setter(java.lang.Object) | T | void | test.kt:1:1:13:1 | Generic | test.kt:8:3:8:41 | setter | +| test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | privateid(java.lang.Object) | T | T | test.kt:1:1:13:1 | Generic | test.kt:10:11:10:41 | privateid | +| test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | callPrivateId(Generic) | Generic | String | test.kt:1:1:13:1 | Generic | test.kt:11:3:11:70 | callPrivateId | diff --git a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt index 1b253e31388..064d4e654ba 100644 --- a/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt +++ b/java/ql/test/kotlin/library-tests/generic-instance-methods/test.kt @@ -7,6 +7,9 @@ class Generic(init: T) { fun getter(): T = stored fun setter(param: T) { stored = param } + private fun privateid(param: T) = param + fun callPrivateId(gs: Generic) = gs.privateid("hello world") + } fun user() { @@ -23,5 +26,3 @@ fun user() { projectedIn.getter() } - - diff --git a/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt b/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt index be8417863d8..af5150b161a 100644 --- a/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt +++ b/java/ql/test/kotlin/library-tests/inherited-callee/Test.kt @@ -4,13 +4,13 @@ open class TestKt { } -interface ParentIf { +interface ParentIfK { fun inheritedInterfaceMethodK() } -interface ChildIf : ParentIf { +interface ChildIfK : ParentIfK { } @@ -24,7 +24,7 @@ class ChildKt : TestKt() { c.equals(c) c.hashCode() c.inheritMe() - val c2: ParentIf? = null + val c2: ParentIfK? = null c2?.inheritedInterfaceMethodK() } diff --git a/java/ql/test/kotlin/library-tests/inherited-callee/test.expected b/java/ql/test/kotlin/library-tests/inherited-callee/test.expected index 38f8f9f0666..31ae3ae4d83 100644 --- a/java/ql/test/kotlin/library-tests/inherited-callee/test.expected +++ b/java/ql/test/kotlin/library-tests/inherited-callee/test.expected @@ -7,4 +7,4 @@ | Test.kt:24:7:24:15 | equals(...) | equals | Object | | Test.kt:25:7:25:16 | hashCode(...) | hashCode | Object | | Test.kt:26:7:26:17 | inheritMe(...) | inheritMe | TestKt | -| Test.kt:28:9:28:35 | inheritedInterfaceMethodK(...) | inheritedInterfaceMethodK | ParentIf | +| Test.kt:28:9:28:35 | inheritedInterfaceMethodK(...) | inheritedInterfaceMethodK | ParentIfK | diff --git a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected new file mode 100644 index 00000000000..c2119ec6123 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected @@ -0,0 +1,94 @@ +test.kt: +# 0| [CompilationUnit] test +# 1| 1: [Class] LateInit +# 1| 1: [Constructor] LateInit +# 1| 5: [BlockStmt] { ... } +# 1| 0: [SuperConstructorInvocationStmt] super(...) +# 1| 1: [BlockStmt] { ... } +# 2| 2: [FieldDeclaration] LateInit test0; +# 2| -1: [TypeAccess] LateInit +# 2| 3: [Method] getTest0$private +# 2| 3: [TypeAccess] LateInit +# 2| 5: [BlockStmt] { ... } +# 2| 0: [ReturnStmt] return ... +# 2| 0: [VarAccess] this.test0 +# 2| -1: [ThisAccess] this +# 2| 4: [Method] setTest0$private +# 2| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 2| 0: [Parameter] +# 2| 0: [TypeAccess] LateInit +# 2| 5: [BlockStmt] { ... } +# 2| 0: [ExprStmt] ; +# 2| 0: [AssignExpr] ...=... +# 2| 0: [VarAccess] this.test0 +# 2| -1: [ThisAccess] this +# 2| 1: [VarAccess] +# 4| 5: [Method] f +# 4| 3: [TypeAccess] Unit +# 4| 5: [BlockStmt] { ... } +# 4| 0: [ReturnStmt] return ... +# 4| 0: [MethodAccess] println(...) +# 4| -1: [TypeAccess] ConsoleKt +# 4| 0: [StringLiteral] a +# 6| 6: [Method] init +# 6| 3: [TypeAccess] LateInit +# 6| 5: [BlockStmt] { ... } +# 6| 0: [ReturnStmt] return ... +# 6| 0: [ClassInstanceExpr] new LateInit(...) +# 6| -3: [TypeAccess] LateInit +# 8| 7: [Method] fn +# 8| 3: [TypeAccess] Unit +# 8| 5: [BlockStmt] { ... } +# 9| 0: [ExprStmt] ; +# 9| 0: [MethodAccess] f(...) +# 9| -1: [MethodAccess] getTest0$private(...) +# 9| -1: [ThisAccess] this +# 10| 1: [ExprStmt] ; +# 10| 0: [WhenExpr] when ... +# 10| 0: [WhenBranch] ... -> ... +# 10| 0: [MethodAccess] isInitialized(...) +# 10| -1: [TypeAccess] LateinitKt +# 10| 0: [PropertyRefExpr] ...::... +# 10| -4: [AnonymousClass] new KMutableProperty0(...) { ... } +# 10| 1: [Constructor] +#-----| 4: (Parameters) +# 10| 0: [Parameter] +# 10| 5: [BlockStmt] { ... } +# 10| 0: [SuperConstructorInvocationStmt] super(...) +# 10| 1: [ExprStmt] ; +# 10| 0: [AssignExpr] ...=... +# 10| 0: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 1: [VarAccess] +# 10| 2: [FieldDeclaration] LateInit ; +# 10| -1: [TypeAccess] LateInit +# 10| 3: [Method] get +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] getTest0$private(...) +# 10| -1: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 4: [Method] invoke +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] get(...) +# 10| -1: [ThisAccess] this +# 10| 5: [Method] set +#-----| 4: (Parameters) +# 10| 0: [Parameter] a0 +# 10| 5: [BlockStmt] { ... } +# 10| 0: [ReturnStmt] return ... +# 10| 0: [MethodAccess] setTest0$private(...) +# 10| -1: [VarAccess] this. +# 10| -1: [ThisAccess] this +# 10| 0: [VarAccess] a0 +# 10| -3: [TypeAccess] KMutableProperty0 +# 10| 0: [TypeAccess] LateInit +# 10| 0: [ThisAccess] this +# 10| 1: [BlockStmt] { ... } +# 13| 2: [LocalVariableDeclStmt] var ...; +# 13| 1: [LocalVariableDeclExpr] test1 +# 14| 3: [ExprStmt] ; +# 14| 0: [MethodAccess] f(...) +# 14| -1: [VarAccess] test1 diff --git a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref new file mode 100644 index 00000000000..c7fd5faf239 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.qlref @@ -0,0 +1 @@ +semmle/code/java/PrintAst.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.expected b/java/ql/test/kotlin/library-tests/lateinit/test.expected new file mode 100644 index 00000000000..e3761785021 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.expected @@ -0,0 +1,8 @@ +| test.kt:4:15:4:26 | println(...) | file:///ConsoleKt.class:0:0:0:0 | println | +| test.kt:9:9:9:13 | getTest0$private(...) | test.kt:2:22:2:40 | getTest0$private | +| test.kt:9:15:9:17 | f(...) | test.kt:4:5:4:26 | f | +| test.kt:10:13:10:23 | get(...) | test.kt:10:13:10:23 | get | +| test.kt:10:13:10:23 | getTest0$private(...) | test.kt:2:22:2:40 | getTest0$private | +| test.kt:10:13:10:23 | setTest0$private(...) | test.kt:2:22:2:40 | setTest0$private | +| test.kt:10:25:10:37 | isInitialized(...) | file:///LateinitKt.class:0:0:0:0 | isInitialized | +| test.kt:14:15:14:17 | f(...) | test.kt:4:5:4:26 | f | diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.kt b/java/ql/test/kotlin/library-tests/lateinit/test.kt new file mode 100644 index 00000000000..3312f67511c --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.kt @@ -0,0 +1,16 @@ +public class LateInit { + private lateinit var test0: LateInit + + fun f() = println("a") + + fun init() = LateInit() + + fun fn() { + test0.f() // This is preceded by a null-check and a throw in bytecode, in IR it's a simple call + if (this::test0.isInitialized) { // This is converted to a null-check in bytecode, in IR it's a call to `LateinitKt.isInitialized` + } + + lateinit var test1: LateInit + test1.f() // This is replaced by `Intrinsics.throwUninitializedPropertyAccessException` in bytecode, in IR it's a simple call + } +} diff --git a/java/ql/test/kotlin/library-tests/lateinit/test.ql b/java/ql/test/kotlin/library-tests/lateinit/test.ql new file mode 100644 index 00000000000..5f4a458da95 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/lateinit/test.ql @@ -0,0 +1,13 @@ +import java + +class MethodLocation extends Method { + override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) { + exists(string fullPath | super.hasLocationInfo(fullPath, sl, sc, el, ec) | + if exists(this.getFile().getRelativePath()) + then path = fullPath + else path = fullPath.regexpReplaceAll(".*/", "/") + ) + } +} + +query predicate calls(MethodAccess ma, Method m) { ma.getMethod() = m } diff --git a/java/ql/test/kotlin/library-tests/methods/methods.expected b/java/ql/test/kotlin/library-tests/methods/methods.expected index 8ee20aac587..6a86ea6bf5b 100644 --- a/java/ql/test/kotlin/library-tests/methods/methods.expected +++ b/java/ql/test/kotlin/library-tests/methods/methods.expected @@ -1,5 +1,5 @@ methods -| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:0:0:0:0 | | () | | Compiler generated | +| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:0:0:0:0 | | () | static | Compiler generated | | clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | getTopLevelInt | getTopLevelInt() | public, static | Compiler generated | | clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | setTopLevelInt | setTopLevelInt(int) | public, static | Compiler generated | | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component1 | component1() | public | Compiler generated | @@ -25,11 +25,11 @@ methods | delegates.kt:8:32:11:5 | new KMutableProperty1(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public | | | delegates.kt:8:32:11:5 | new KMutableProperty1(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public | | | delegates.kt:8:66:11:5 | new Function3,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | invoke | invoke(kotlin.reflect.KProperty,java.lang.String,java.lang.String) | override, public | | -| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | | () | | Compiler generated | +| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | | () | static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated | | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:22:1:31 | getV | getV() | public | Compiler generated | -| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | | () | | Compiler generated | +| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | | () | static | Compiler generated | | enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated | | enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated | | enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:13:12:13:29 | f | f(int) | public | | diff --git a/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt b/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt new file mode 100644 index 00000000000..214e384686f --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/MiniStdLib.kt @@ -0,0 +1,33 @@ +package kotlin + +/* +This is a mini standard library replacement, to make it easy to write +very small tests that create very small databases. + +If you define a class, then you will need to also define any members that +compiler/ir/ir.psi2ir/src/org/jetbrains/kotlin/psi2ir/descriptors/IrBuiltInsOverDescriptors.kt +expects (e.g. with findFunctions(...).first) to exist. +*/ + +public open class Any { + fun toString(): String { return this.toString() } + open operator fun equals(other: Any?): Boolean { return this.equals(other) } +} + +public class String { + operator fun plus(other: Any?): String { return this.plus(other) } +} + +public class Boolean { + operator fun not(): Boolean { return this.not() } +} + +public class Int { + operator fun plus(other: Int): Int { return this.plus(other) } + operator fun times(other: Int): Int { return this.times(other) } + infix fun xor(other: Int): Int { return this.xor(other) } +} + +public object Unit { +} + diff --git a/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt b/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt new file mode 100644 index 00000000000..eaa7e450bbb --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/MyClass.kt @@ -0,0 +1 @@ +class MyClass {} diff --git a/java/ql/test/kotlin/library-tests/ministdlib/classes.expected b/java/ql/test/kotlin/library-tests/ministdlib/classes.expected new file mode 100644 index 00000000000..8d1bc538129 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/classes.expected @@ -0,0 +1,7 @@ +| MiniStdLib.kt:12:1:15:1 | Any | +| MiniStdLib.kt:17:1:19:1 | String | +| MiniStdLib.kt:21:1:23:1 | Boolean | +| MiniStdLib.kt:25:1:29:1 | Int | +| MiniStdLib.kt:31:1:32:1 | Unit | +| MyClass.kt:1:1:1:16 | MyClass | +| file://:0:0:0:0 | FakeKotlinClass | diff --git a/java/ql/test/kotlin/library-tests/ministdlib/classes.ql b/java/ql/test/kotlin/library-tests/ministdlib/classes.ql new file mode 100644 index 00000000000..86c654ea986 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/classes.ql @@ -0,0 +1,4 @@ +import java + +from Class c +select c diff --git a/java/ql/test/kotlin/library-tests/ministdlib/options b/java/ql/test/kotlin/library-tests/ministdlib/options new file mode 100644 index 00000000000..052bfdb9a30 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/ministdlib/options @@ -0,0 +1 @@ +codeql-extractor-kotlin-options: -no-jdk -no-reflect -no-stdlib -Xallow-kotlin-package diff --git a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected index b6b3a649593..cdde306d74f 100644 --- a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected +++ b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected @@ -1,5 +1,5 @@ -| modifiers.kt:1:1:28:1 | X | Class | public | -| modifiers.kt:1:6:28:1 | X | Constructor | public | +| modifiers.kt:1:1:29:1 | X | Class | public | +| modifiers.kt:1:6:29:1 | X | Constructor | public | | modifiers.kt:2:5:2:21 | a | Field | final | | modifiers.kt:2:5:2:21 | a | Field | private | | modifiers.kt:2:5:2:21 | a | Property | private | @@ -45,3 +45,26 @@ | modifiers.kt:27:12:27:49 | fn5 | Method | inline | | modifiers.kt:27:12:27:49 | fn5 | Method | public | | modifiers.kt:27:20:27:44 | f | Parameter | crossinline | +| modifiers.kt:28:12:28:39 | fn6 | Method | inline | +| modifiers.kt:28:12:28:39 | fn6 | Method | public | +| modifiers.kt:28:17:28:25 | T | TypeVariable | reified | +| modifiers.kt:31:1:33:1 | Y | Class | final | +| modifiers.kt:31:1:33:1 | Y | Class | public | +| modifiers.kt:31:1:33:1 | Y | Constructor | public | +| modifiers.kt:31:1:33:1 | Y | GenericType | final | +| modifiers.kt:31:1:33:1 | Y | GenericType | public | +| modifiers.kt:31:1:33:1 | Y | ParameterizedType | final | +| modifiers.kt:31:1:33:1 | Y | ParameterizedType | public | +| modifiers.kt:31:9:31:13 | T1 | TypeVariable | in | +| modifiers.kt:31:16:31:21 | T2 | TypeVariable | out | +| modifiers.kt:32:5:32:32 | foo | Method | public | +| modifiers.kt:35:1:41:1 | LateInit | Class | final | +| modifiers.kt:35:1:41:1 | LateInit | Class | public | +| modifiers.kt:35:8:41:1 | LateInit | Constructor | public | +| modifiers.kt:36:5:36:40 | test0 | Field | private | +| modifiers.kt:36:5:36:40 | test0 | Property | lateinit | +| modifiers.kt:36:5:36:40 | test0 | Property | private | +| modifiers.kt:36:22:36:40 | getTest0$private | Method | private | +| modifiers.kt:36:22:36:40 | setTest0$private | Method | private | +| modifiers.kt:38:5:40:5 | fn | Method | public | +| modifiers.kt:39:9:39:36 | LateInit test1 | LocalVariableDecl | lateinit | diff --git a/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt b/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt index 695ab23e66c..62de34aadb2 100644 --- a/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt +++ b/java/ql/test/kotlin/library-tests/modifiers/modifiers.kt @@ -25,4 +25,17 @@ open class X { inline fun fn4(noinline f: () -> Unit) { } inline fun fn5(crossinline f: () -> Unit) { } + inline fun fn6(x: T) {} } + +class Y { + fun foo(t: T1) : T2 = null!! +} + +public class LateInit { + private lateinit var test0: LateInit + + fun fn() { + lateinit var test1: LateInit + } +} \ No newline at end of file diff --git a/java/ql/test/kotlin/library-tests/numlines/callable.expected b/java/ql/test/kotlin/library-tests/numlines/callable.expected new file mode 100644 index 00000000000..52f3a4f2cbe --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/callable.expected @@ -0,0 +1,6 @@ +| test.kt:2:1:4:1 | foo | 3 | 3 | 0 | +| test.kt:8:1:8:9 | getX | 1 | 1 | 0 | +| test.kt:18:1:18:17 | getY | 5 | 1 | 4 | +| test.kt:20:1:26:1 | Foo | 7 | 6 | 1 | +| test.kt:21:5:24:5 | bar | 4 | 3 | 1 | +| test.kt:25:5:25:21 | getSomeField | 1 | 1 | 0 | diff --git a/java/ql/test/kotlin/library-tests/numlines/callable.ql b/java/ql/test/kotlin/library-tests/numlines/callable.ql new file mode 100644 index 00000000000..c9775a24c5d --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/callable.ql @@ -0,0 +1,4 @@ +import java + +from Callable c +select c, c.getTotalNumberOfLines(), c.getNumberOfLinesOfCode(), c.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/classes.expected b/java/ql/test/kotlin/library-tests/numlines/classes.expected new file mode 100644 index 00000000000..35000a02464 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/classes.expected @@ -0,0 +1 @@ +| test.kt:20:1:26:1 | Foo | 7 | 6 | 1 | diff --git a/java/ql/test/kotlin/library-tests/numlines/classes.ql b/java/ql/test/kotlin/library-tests/numlines/classes.ql new file mode 100644 index 00000000000..4c987784146 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/classes.ql @@ -0,0 +1,4 @@ +import java + +from Class c +select c, c.getTotalNumberOfLines(), c.getNumberOfLinesOfCode(), c.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/files.expected b/java/ql/test/kotlin/library-tests/numlines/files.expected new file mode 100644 index 00000000000..1cc9c337bac --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/files.expected @@ -0,0 +1 @@ +| test.kt:0:0:0:0 | test | 28 | 11 | 9 | diff --git a/java/ql/test/kotlin/library-tests/numlines/files.ql b/java/ql/test/kotlin/library-tests/numlines/files.ql new file mode 100644 index 00000000000..ca56da73369 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/files.ql @@ -0,0 +1,4 @@ +import java + +from File f +select f, f.getTotalNumberOfLines(), f.getNumberOfLinesOfCode(), f.getNumberOfCommentLines() diff --git a/java/ql/test/kotlin/library-tests/numlines/test.kt b/java/ql/test/kotlin/library-tests/numlines/test.kt new file mode 100644 index 00000000000..1ede04c7952 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/numlines/test.kt @@ -0,0 +1,27 @@ + +fun foo ( x : Int ) { + val y = ( x + 1 ) +} + +// test + +val x = 4 + +/* +test +*/ + +/** +test +*/ + +val y = 5 // test + +class Foo { + fun bar() { + // comment + return + } + val someField = 3 +} + diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected index 95198f2beaa..6a850a431d2 100644 --- a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected @@ -1221,3 +1221,82 @@ test.kt: # 173| 5: [BlockStmt] { ... } # 173| 0: [ReturnStmt] return ... # 173| 0: [VarAccess] t +# 177| 17: [Class] TestOverloadsWithDefaults +# 177| 1: [Constructor] TestOverloadsWithDefaults +# 177| 5: [BlockStmt] { ... } +# 177| 0: [SuperConstructorInvocationStmt] super(...) +# 177| 1: [BlockStmt] { ... } +# 179| 2: [Method] f +# 179| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 179| 0: [Parameter] x +# 179| 0: [TypeAccess] int +# 179| 1: [Parameter] y +# 179| 0: [TypeAccess] String +# 179| 5: [BlockStmt] { ... } +# 179| 3: [Method] f$default +# 179| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 179| 0: [Parameter] p0 +# 179| 0: [TypeAccess] TestOverloadsWithDefaults +# 179| 1: [Parameter] p1 +# 179| 0: [TypeAccess] int +# 179| 2: [Parameter] p2 +# 179| 0: [TypeAccess] String +# 179| 3: [Parameter] p3 +# 179| 0: [TypeAccess] int +# 179| 4: [Parameter] p4 +# 179| 0: [TypeAccess] Object +# 179| 5: [BlockStmt] { ... } +# 179| 0: [IfStmt] if (...) +# 179| 0: [EQExpr] ... == ... +# 179| 0: [AndBitwiseExpr] ... & ... +# 179| 0: [IntegerLiteral] 2 +# 179| 1: [VarAccess] p3 +# 179| 1: [IntegerLiteral] 0 +# 179| 1: [ExprStmt] ; +# 179| 0: [AssignExpr] ...=... +# 179| 0: [VarAccess] p2 +# 179| 1: [StringLiteral] Hello world +# 179| 1: [ReturnStmt] return ... +# 179| 0: [MethodAccess] f(...) +# 179| -1: [VarAccess] p0 +# 179| 0: [VarAccess] p1 +# 179| 1: [VarAccess] p2 +# 180| 4: [Method] f +# 180| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 180| 0: [Parameter] z +# 180| 0: [TypeAccess] String +# 180| 1: [Parameter] w +# 180| 0: [TypeAccess] int +# 180| 5: [BlockStmt] { ... } +# 180| 5: [Method] f$default +# 180| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 180| 0: [Parameter] p0 +# 180| 0: [TypeAccess] TestOverloadsWithDefaults +# 180| 1: [Parameter] p1 +# 180| 0: [TypeAccess] String +# 180| 2: [Parameter] p2 +# 180| 0: [TypeAccess] int +# 180| 3: [Parameter] p3 +# 180| 0: [TypeAccess] int +# 180| 4: [Parameter] p4 +# 180| 0: [TypeAccess] Object +# 180| 5: [BlockStmt] { ... } +# 180| 0: [IfStmt] if (...) +# 180| 0: [EQExpr] ... == ... +# 180| 0: [AndBitwiseExpr] ... & ... +# 180| 0: [IntegerLiteral] 2 +# 180| 1: [VarAccess] p3 +# 180| 1: [IntegerLiteral] 0 +# 180| 1: [ExprStmt] ; +# 180| 0: [AssignExpr] ...=... +# 180| 0: [VarAccess] p2 +# 180| 1: [IntegerLiteral] 0 +# 180| 1: [ReturnStmt] return ... +# 180| 0: [MethodAccess] f(...) +# 180| -1: [VarAccess] p0 +# 180| 0: [VarAccess] p1 +# 180| 1: [VarAccess] p2 diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected new file mode 100644 index 00000000000..b0bb467d954 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.expected @@ -0,0 +1,15 @@ +| test.kt:5:3:7:3 | f | test.kt:5:3:7:3 | f$default | +| test.kt:34:14:36:3 | f | test.kt:34:14:36:3 | f$default | +| test.kt:68:1:80:1 | TestConstructor | test.kt:68:1:80:1 | TestConstructor | +| test.kt:86:5:88:5 | f | test.kt:86:5:88:5 | f$default | +| test.kt:106:7:108:7 | f | test.kt:106:7:108:7 | f$default | +| test.kt:124:3:126:3 | f | test.kt:124:3:126:3 | f$default | +| test.kt:135:3:135:43 | testReturn | test.kt:135:3:135:43 | testReturn$default | +| test.kt:145:3:147:3 | f | test.kt:145:3:147:3 | f$default | +| test.kt:158:3:158:35 | f | test.kt:158:3:158:35 | f$default | +| test.kt:159:12:159:44 | g$main | test.kt:159:12:159:44 | g$main$default | +| test.kt:160:13:160:45 | h | test.kt:160:13:160:45 | h$default | +| test.kt:161:11:161:43 | i | test.kt:161:11:161:43 | i$default | +| test.kt:171:3:171:97 | f | test.kt:171:3:171:97 | f$default | +| test.kt:179:3:179:46 | f | test.kt:179:3:179:46 | f$default | +| test.kt:180:3:180:34 | f | test.kt:180:3:180:34 | f$default | diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql new file mode 100644 index 00000000000..e6f5f4b54c4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/defaults.ql @@ -0,0 +1,7 @@ +import java + +from Callable realMethod, Callable defaultsProxy +where + defaultsProxy = realMethod.getKotlinParameterDefaultsProxy() and + realMethod.fromSource() +select realMethod, defaultsProxy diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt b/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt index 25a29fb468f..a3bd483a4b4 100644 --- a/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/test.kt @@ -173,3 +173,10 @@ class TestGenericUsedWithinDefaultValue { fun ident(t: T) = t } + +class TestOverloadsWithDefaults { + + fun f(x: Int, y: String = "Hello world") { } + fun f(z: String, w: Int = 0) { } + +} diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected index 4c6907f99d4..40de73eadd9 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.expected @@ -1,15 +1,33 @@ +enclosingTypes +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| test.kt:9:18:11:3 | new If(...) { ... } | test.kt:7:1:22:1 | A | +| test.kt:13:33:15:3 | new If(...) { ... } | test.kt:7:1:22:1 | A | +| test.kt:13:33:15:3 | new If(...) { ... }<> | test.kt:7:1:22:1 | A<> | +#select +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | getX | +| file:///!unknown-binary-location/A$.class:0:0:0:0 | new If(...) { ... }<> | file:///!unknown-binary-location/A$.class:0:0:0:0 | getX | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | A | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getAnonType | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getPrivateAnonType$private | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | privateUser | | file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | A | | file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getAnonType | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | getPrivateAnonType$private | +| file:///!unknown-binary-location/A.class:0:0:0:0 | A | file:///!unknown-binary-location/A.class:0:0:0:0 | privateUser | | file:///!unknown-binary-location/If.class:0:0:0:0 | If | file:///!unknown-binary-location/If.class:0:0:0:0 | getX | | file:///!unknown-binary-location/If.class:0:0:0:0 | If | file:///!unknown-binary-location/If.class:0:0:0:0 | getX | | other.kt:1:1:1:34 | Ext | other.kt:1:1:1:34 | Ext | -| test.kt:0:0:0:0 | TestKt | test.kt:19:1:19:38 | user | +| test.kt:0:0:0:0 | TestKt | test.kt:24:1:24:38 | user | | test.kt:1:1:5:1 | If | test.kt:3:3:3:11 | getX | -| test.kt:7:1:17:1 | A | test.kt:7:6:17:1 | A | -| test.kt:7:1:17:1 | A | test.kt:9:3:11:3 | anonType | -| test.kt:7:1:17:1 | A | test.kt:9:3:11:3 | getAnonType | -| test.kt:7:1:17:1 | A | test.kt:13:3:15:3 | privateAnonType | -| test.kt:7:1:17:1 | A | test.kt:13:11:15:3 | getPrivateAnonType$private | +| test.kt:7:1:22:1 | A | test.kt:7:6:22:1 | A | +| test.kt:7:1:22:1 | A | test.kt:9:3:11:3 | anonType | +| test.kt:7:1:22:1 | A | test.kt:9:3:11:3 | getAnonType | +| test.kt:7:1:22:1 | A | test.kt:13:3:15:3 | privateAnonType | +| test.kt:7:1:22:1 | A | test.kt:13:11:15:3 | getPrivateAnonType$private | +| test.kt:7:1:22:1 | A | test.kt:17:3:20:3 | privateUser | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:9:18:11:3 | | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:10:5:10:22 | x | | test.kt:9:18:11:3 | new If(...) { ... } | test.kt:10:14:10:22 | getX | diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt index b0d49124eac..7427a8044b4 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.kt @@ -14,6 +14,11 @@ open class A(t: T) { override val x = t } + fun privateUser(x: A, y: A) { + val a = x.privateAnonType.x + val b = y.privateAnonType.x + } + } fun user(x: A) = x.anonType.x diff --git a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql index 74bbc59a7fd..7383bfa9ad1 100644 --- a/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql +++ b/java/ql/test/kotlin/library-tests/private-anonymous-types/test.ql @@ -3,3 +3,7 @@ import java from ClassOrInterface ci, Member m where m = ci.getAMember() and ci.getSourceDeclaration().fromSource() select ci, m + +query predicate enclosingTypes(NestedType nt, Type encl) { + nt.getSourceDeclaration().fromSource() and encl = nt.getEnclosingType() +} diff --git a/java/ql/test/kotlin/library-tests/properties/properties.expected b/java/ql/test/kotlin/library-tests/properties/properties.expected index 7bbe706923c..01c82187a81 100644 --- a/java/ql/test/kotlin/library-tests/properties/properties.expected +++ b/java/ql/test/kotlin/library-tests/properties/properties.expected @@ -41,7 +41,7 @@ fieldDeclarations | properties.kt:28:5:29:22 | overrideGetter | properties.kt:29:13:29:22 | getOverrideGetter | properties.kt:28:5:29:22 | setOverrideGetter | properties.kt:28:5:29:22 | overrideGetter | public | | properties.kt:30:5:31:29 | overrideGetterUseField | properties.kt:31:13:31:29 | getOverrideGetterUseField | properties.kt:30:5:31:29 | setOverrideGetterUseField | properties.kt:30:5:31:29 | overrideGetterUseField | public | | properties.kt:32:5:33:29 | useField | properties.kt:33:13:33:29 | getUseField | file://:0:0:0:0 | | properties.kt:32:5:33:29 | useField | public | -| properties.kt:34:5:34:36 | lateInitVar | properties.kt:34:14:34:36 | getLateInitVar | properties.kt:34:14:34:36 | setLateInitVar | properties.kt:34:5:34:36 | lateInitVar | public | +| properties.kt:34:5:34:36 | lateInitVar | properties.kt:34:14:34:36 | getLateInitVar | properties.kt:34:14:34:36 | setLateInitVar | properties.kt:34:5:34:36 | lateInitVar | lateinit, public | | properties.kt:35:5:35:32 | privateProp | properties.kt:35:13:35:32 | getPrivateProp$private | file://:0:0:0:0 | | properties.kt:35:5:35:32 | privateProp | private | | properties.kt:36:5:36:36 | protectedProp | properties.kt:36:15:36:36 | getProtectedProp | file://:0:0:0:0 | | properties.kt:36:5:36:36 | protectedProp | protected | | properties.kt:37:5:37:30 | publicProp | properties.kt:37:12:37:30 | getPublicProp | file://:0:0:0:0 | | properties.kt:37:5:37:30 | publicProp | public | diff --git a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected index b1da7cdcee2..64fffd47586 100644 --- a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected +++ b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected @@ -124,6 +124,7 @@ reflection.kt: # 97| 1: [Constructor] # 97| 5: [BlockStmt] { ... } # 97| 0: [SuperConstructorInvocationStmt] super(...) +# 97| 0: [IntegerLiteral] 1 # 97| 2: [Method] invoke #-----| 4: (Parameters) # 97| 0: [Parameter] a0 @@ -148,6 +149,7 @@ reflection.kt: # 98| 1: [Constructor] # 98| 5: [BlockStmt] { ... } # 98| 0: [SuperConstructorInvocationStmt] super(...) +# 98| 0: [IntegerLiteral] 1 # 98| 2: [Method] invoke #-----| 4: (Parameters) # 98| 0: [Parameter] a0 @@ -175,6 +177,7 @@ reflection.kt: # 99| 0: [Parameter] # 99| 5: [BlockStmt] { ... } # 99| 0: [SuperConstructorInvocationStmt] super(...) +# 99| 0: [IntegerLiteral] 1 # 99| 1: [ExprStmt] ; # 99| 0: [AssignExpr] ...=... # 99| 0: [VarAccess] this. @@ -274,13 +277,466 @@ reflection.kt: # 126| 1: [Constructor] # 126| 5: [BlockStmt] { ... } # 126| 0: [SuperConstructorInvocationStmt] super(...) +# 126| 0: [IntegerLiteral] 0 # 126| 2: [Method] invoke # 126| 5: [BlockStmt] { ... } # 126| 0: [ReturnStmt] return ... # 126| 0: [MethodAccess] fn1(...) -# 126| -1: [TypeAccess] ReflectionKt +# 126| -1: [ClassInstanceExpr] new (...) +# 126| -3: [TypeAccess] Object # 126| -3: [TypeAccess] Function0 # 126| 0: [TypeAccess] Unit +# 129| 12: [Method] expectsOneParam +# 129| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 129| 0: [Parameter] f +# 129| 0: [TypeAccess] Function1 +# 129| 0: [WildcardTypeAccess] ? ... +# 129| 1: [TypeAccess] Integer +# 129| 1: [TypeAccess] Integer +# 129| 5: [BlockStmt] { ... } +# 129| 0: [ReturnStmt] return ... +# 129| 0: [MethodAccess] invoke(...) +# 129| -1: [VarAccess] f +# 129| 0: [IntegerLiteral] 0 +# 131| 13: [Method] takesOptionalParam +# 131| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 131| 0: [Parameter] x +# 131| 0: [TypeAccess] int +# 131| 1: [Parameter] y +# 131| 0: [TypeAccess] int +# 131| 5: [BlockStmt] { ... } +# 131| 0: [ReturnStmt] return ... +# 131| 0: [AddExpr] ... + ... +# 131| 0: [VarAccess] x +# 131| 1: [VarAccess] y +# 131| 14: [Method] takesOptionalParam$default +# 131| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 131| 0: [Parameter] p0 +# 131| 0: [TypeAccess] int +# 131| 1: [Parameter] p1 +# 131| 0: [TypeAccess] int +# 131| 2: [Parameter] p2 +# 131| 0: [TypeAccess] int +# 131| 3: [Parameter] p3 +# 131| 0: [TypeAccess] Object +# 131| 5: [BlockStmt] { ... } +# 131| 0: [IfStmt] if (...) +# 131| 0: [EQExpr] ... == ... +# 131| 0: [AndBitwiseExpr] ... & ... +# 131| 0: [IntegerLiteral] 2 +# 131| 1: [VarAccess] p2 +# 131| 1: [IntegerLiteral] 0 +# 131| 1: [ExprStmt] ; +# 131| 0: [AssignExpr] ...=... +# 131| 0: [VarAccess] p1 +# 131| 1: [IntegerLiteral] 0 +# 131| 1: [ReturnStmt] return ... +# 131| 0: [MethodAccess] takesOptionalParam(...) +# 131| -1: [TypeAccess] ReflectionKt +# 131| 0: [VarAccess] p0 +# 131| 1: [VarAccess] p1 +# 133| 15: [Method] adaptedParams +# 133| 3: [TypeAccess] Unit +# 133| 5: [BlockStmt] { ... } +# 134| 0: [ExprStmt] ; +# 134| 0: [ImplicitCoercionToUnitExpr] +# 134| 0: [TypeAccess] Unit +# 134| 1: [MethodAccess] expectsOneParam(...) +# 134| -1: [TypeAccess] ReflectionKt +# 134| 0: [StmtExpr] +# 134| 0: [BlockStmt] { ... } +# 134| 0: [LocalTypeDeclStmt] class ... +# 134| 0: [LocalClass] +# 134| 1: [Constructor] +# 134| 5: [BlockStmt] { ... } +# 134| 0: [SuperConstructorInvocationStmt] super(...) +# 134| 2: [Method] takesOptionalParam +# 134| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 134| 0: [Parameter] p0 +# 134| 0: [TypeAccess] int +# 134| 5: [BlockStmt] { ... } +# 134| 0: [ReturnStmt] return ... +# 134| 0: [MethodAccess] takesOptionalParam$default(...) +# 134| -1: [TypeAccess] ReflectionKt +# 134| 0: [VarAccess] p0 +# 1| 1: [IntegerLiteral] 0 +# 1| 2: [IntegerLiteral] 1 +# 1| 3: [NullLiteral] null +# 134| 1: [ExprStmt] ; +# 134| 0: [MemberRefExpr] ...::... +# 134| -4: [AnonymousClass] new Function1(...) { ... } +# 134| 1: [Constructor] +# 134| 5: [BlockStmt] { ... } +# 134| 0: [SuperConstructorInvocationStmt] super(...) +# 134| 0: [IntegerLiteral] 1 +# 134| 2: [Method] invoke +#-----| 4: (Parameters) +# 134| 0: [Parameter] a0 +# 134| 5: [BlockStmt] { ... } +# 134| 0: [ReturnStmt] return ... +# 134| 0: [MethodAccess] takesOptionalParam(...) +# 134| -1: [ClassInstanceExpr] new (...) +# 134| -3: [TypeAccess] Object +# 134| 0: [VarAccess] a0 +# 134| -3: [TypeAccess] Function1 +# 134| 0: [TypeAccess] Integer +# 134| 1: [TypeAccess] Integer +# 137| 16: [Method] expectsOneParamAndReceiver +# 137| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 137| 0: [Parameter] f +# 137| 0: [TypeAccess] Function2 +# 137| 0: [WildcardTypeAccess] ? ... +# 137| 1: [TypeAccess] MemberOptionalsTest +# 137| 1: [WildcardTypeAccess] ? ... +# 137| 1: [TypeAccess] Integer +# 137| 2: [TypeAccess] Integer +# 137| 5: [BlockStmt] { ... } +# 143| 17: [Method] memberAdaptedParams +# 143| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 143| 0: [Parameter] m +# 143| 0: [TypeAccess] MemberOptionalsTest +# 143| 5: [BlockStmt] { ... } +# 144| 0: [ExprStmt] ; +# 144| 0: [ImplicitCoercionToUnitExpr] +# 144| 0: [TypeAccess] Unit +# 144| 1: [MethodAccess] expectsOneParam(...) +# 144| -1: [TypeAccess] ReflectionKt +# 144| 0: [StmtExpr] +# 144| 0: [BlockStmt] { ... } +# 144| 0: [LocalTypeDeclStmt] class ... +# 144| 0: [LocalClass] +# 144| 1: [Constructor] +# 144| 5: [BlockStmt] { ... } +# 144| 0: [SuperConstructorInvocationStmt] super(...) +# 144| 2: [ExtensionMethod] takesOptionalParam +# 144| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 144| 0: [Parameter] receiver +# 144| 0: [TypeAccess] MemberOptionalsTest +# 144| 1: [Parameter] p0 +# 144| 0: [TypeAccess] int +# 144| 5: [BlockStmt] { ... } +# 144| 0: [ReturnStmt] return ... +# 144| 0: [MethodAccess] takesOptionalParam$default(...) +# 144| -1: [TypeAccess] MemberOptionalsTest +# 144| 0: [ExtensionReceiverAccess] this +# 144| 1: [VarAccess] p0 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 144| 1: [ExprStmt] ; +# 144| 0: [MemberRefExpr] ...::... +# 144| -4: [AnonymousClass] new Function1(...) { ... } +# 144| 1: [Constructor] +#-----| 4: (Parameters) +# 144| 0: [Parameter] +# 144| 5: [BlockStmt] { ... } +# 144| 0: [SuperConstructorInvocationStmt] super(...) +# 144| 0: [IntegerLiteral] 1 +# 144| 1: [ExprStmt] ; +# 144| 0: [AssignExpr] ...=... +# 144| 0: [VarAccess] this. +# 144| -1: [ThisAccess] this +# 144| 1: [VarAccess] +# 144| 2: [FieldDeclaration] MemberOptionalsTest ; +# 144| -1: [TypeAccess] MemberOptionalsTest +# 144| 3: [Method] invoke +#-----| 4: (Parameters) +# 144| 0: [Parameter] a0 +# 144| 5: [BlockStmt] { ... } +# 144| 0: [ReturnStmt] return ... +# 144| 0: [MethodAccess] takesOptionalParam(...) +# 144| -1: [ClassInstanceExpr] new (...) +# 144| -3: [TypeAccess] Object +# 144| 0: [VarAccess] this. +# 144| -1: [ThisAccess] this +# 144| 1: [VarAccess] a0 +# 144| -3: [TypeAccess] Function1 +# 144| 0: [TypeAccess] Integer +# 144| 1: [TypeAccess] Integer +# 144| 0: [VarAccess] m +# 145| 1: [ExprStmt] ; +# 145| 0: [MethodAccess] expectsOneParamAndReceiver(...) +# 145| -1: [TypeAccess] ReflectionKt +# 145| 0: [StmtExpr] +# 145| 0: [BlockStmt] { ... } +# 145| 0: [LocalTypeDeclStmt] class ... +# 145| 0: [LocalClass] +# 145| 1: [Constructor] +# 145| 5: [BlockStmt] { ... } +# 145| 0: [SuperConstructorInvocationStmt] super(...) +# 145| 2: [Method] takesOptionalParam +# 145| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 145| 0: [Parameter] p0 +# 145| 0: [TypeAccess] MemberOptionalsTest +# 145| 1: [Parameter] p1 +# 145| 0: [TypeAccess] int +# 145| 5: [BlockStmt] { ... } +# 145| 0: [ReturnStmt] return ... +# 145| 0: [MethodAccess] takesOptionalParam$default(...) +# 145| -1: [TypeAccess] MemberOptionalsTest +# 145| 0: [VarAccess] p0 +# 145| 1: [VarAccess] p1 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 145| 1: [ExprStmt] ; +# 145| 0: [MemberRefExpr] ...::... +# 145| -4: [AnonymousClass] new Function2(...) { ... } +# 145| 1: [Constructor] +# 145| 5: [BlockStmt] { ... } +# 145| 0: [SuperConstructorInvocationStmt] super(...) +# 145| 0: [IntegerLiteral] 2 +# 145| 2: [Method] invoke +#-----| 4: (Parameters) +# 145| 0: [Parameter] a0 +# 145| 1: [Parameter] a1 +# 145| 5: [BlockStmt] { ... } +# 145| 0: [ReturnStmt] return ... +# 145| 0: [MethodAccess] takesOptionalParam(...) +# 145| -1: [ClassInstanceExpr] new (...) +# 145| -3: [TypeAccess] Object +# 145| 0: [VarAccess] a0 +# 145| 1: [VarAccess] a1 +# 145| -3: [TypeAccess] Function2 +# 145| 0: [TypeAccess] MemberOptionalsTest +# 145| 1: [TypeAccess] Integer +# 145| 2: [TypeAccess] Integer +# 148| 18: [Method] expectsOneParamAndExtension +# 148| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 148| 0: [Parameter] f +# 148| 0: [TypeAccess] Function2 +# 148| 0: [WildcardTypeAccess] ? ... +# 148| 1: [TypeAccess] String +# 148| 1: [WildcardTypeAccess] ? ... +# 148| 1: [TypeAccess] Integer +# 148| 2: [TypeAccess] Integer +# 148| 5: [BlockStmt] { ... } +# 150| 19: [ExtensionMethod] extTakesOptionalParam +# 150| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 150| 0: [Parameter] +# 150| 0: [TypeAccess] String +# 150| 1: [Parameter] x +# 150| 0: [TypeAccess] int +# 150| 2: [Parameter] y +# 150| 0: [TypeAccess] int +# 150| 5: [BlockStmt] { ... } +# 150| 0: [ReturnStmt] return ... +# 150| 0: [AddExpr] ... + ... +# 150| 0: [VarAccess] x +# 150| 1: [VarAccess] y +# 150| 20: [Method] extTakesOptionalParam$default +# 150| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 150| 0: [Parameter] p0 +# 150| 0: [TypeAccess] String +# 150| 1: [Parameter] p1 +# 150| 0: [TypeAccess] int +# 150| 2: [Parameter] p2 +# 150| 0: [TypeAccess] int +# 150| 3: [Parameter] p3 +# 150| 0: [TypeAccess] int +# 150| 4: [Parameter] p4 +# 150| 0: [TypeAccess] Object +# 150| 5: [BlockStmt] { ... } +# 150| 0: [IfStmt] if (...) +# 150| 0: [EQExpr] ... == ... +# 150| 0: [AndBitwiseExpr] ... & ... +# 150| 0: [IntegerLiteral] 2 +# 150| 1: [VarAccess] p3 +# 150| 1: [IntegerLiteral] 0 +# 150| 1: [ExprStmt] ; +# 150| 0: [AssignExpr] ...=... +# 150| 0: [VarAccess] p2 +# 150| 1: [IntegerLiteral] 0 +# 150| 1: [ReturnStmt] return ... +# 150| 0: [MethodAccess] extTakesOptionalParam(...) +# 150| -1: [TypeAccess] ReflectionKt +# 150| 0: [VarAccess] p0 +# 150| 1: [VarAccess] p1 +# 150| 2: [VarAccess] p2 +# 152| 21: [Method] extensionAdaptedParams +# 152| 3: [TypeAccess] Unit +#-----| 4: (Parameters) +# 152| 0: [Parameter] s +# 152| 0: [TypeAccess] String +# 152| 5: [BlockStmt] { ... } +# 153| 0: [ExprStmt] ; +# 153| 0: [ImplicitCoercionToUnitExpr] +# 153| 0: [TypeAccess] Unit +# 153| 1: [MethodAccess] expectsOneParam(...) +# 153| -1: [TypeAccess] ReflectionKt +# 153| 0: [StmtExpr] +# 153| 0: [BlockStmt] { ... } +# 153| 0: [LocalTypeDeclStmt] class ... +# 153| 0: [LocalClass] +# 153| 1: [Constructor] +# 153| 5: [BlockStmt] { ... } +# 153| 0: [SuperConstructorInvocationStmt] super(...) +# 153| 2: [ExtensionMethod] extTakesOptionalParam +# 153| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 153| 0: [Parameter] receiver +# 153| 0: [TypeAccess] String +# 153| 1: [Parameter] p0 +# 153| 0: [TypeAccess] int +# 153| 5: [BlockStmt] { ... } +# 153| 0: [ReturnStmt] return ... +# 153| 0: [MethodAccess] extTakesOptionalParam$default(...) +# 153| -1: [TypeAccess] ReflectionKt +# 153| 0: [ExtensionReceiverAccess] this +# 153| 1: [VarAccess] p0 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 153| 1: [ExprStmt] ; +# 153| 0: [MemberRefExpr] ...::... +# 153| -4: [AnonymousClass] new Function1(...) { ... } +# 153| 1: [Constructor] +#-----| 4: (Parameters) +# 153| 0: [Parameter] +# 153| 5: [BlockStmt] { ... } +# 153| 0: [SuperConstructorInvocationStmt] super(...) +# 153| 0: [IntegerLiteral] 1 +# 153| 1: [ExprStmt] ; +# 153| 0: [AssignExpr] ...=... +# 153| 0: [VarAccess] this. +# 153| -1: [ThisAccess] this +# 153| 1: [VarAccess] +# 153| 2: [FieldDeclaration] String ; +# 153| -1: [TypeAccess] String +# 153| 3: [Method] invoke +#-----| 4: (Parameters) +# 153| 0: [Parameter] a0 +# 153| 5: [BlockStmt] { ... } +# 153| 0: [ReturnStmt] return ... +# 153| 0: [MethodAccess] extTakesOptionalParam(...) +# 153| -1: [ClassInstanceExpr] new (...) +# 153| -3: [TypeAccess] Object +# 153| 0: [VarAccess] this. +# 153| -1: [ThisAccess] this +# 153| 1: [VarAccess] a0 +# 153| -3: [TypeAccess] Function1 +# 153| 0: [TypeAccess] Integer +# 153| 1: [TypeAccess] Integer +# 153| 0: [VarAccess] s +# 154| 1: [ExprStmt] ; +# 154| 0: [MethodAccess] expectsOneParamAndExtension(...) +# 154| -1: [TypeAccess] ReflectionKt +# 154| 0: [StmtExpr] +# 154| 0: [BlockStmt] { ... } +# 154| 0: [LocalTypeDeclStmt] class ... +# 154| 0: [LocalClass] +# 154| 1: [Constructor] +# 154| 5: [BlockStmt] { ... } +# 154| 0: [SuperConstructorInvocationStmt] super(...) +# 154| 2: [Method] extTakesOptionalParam +# 154| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 154| 0: [Parameter] p0 +# 154| 0: [TypeAccess] String +# 154| 1: [Parameter] p1 +# 154| 0: [TypeAccess] int +# 154| 5: [BlockStmt] { ... } +# 154| 0: [ReturnStmt] return ... +# 154| 0: [MethodAccess] extTakesOptionalParam$default(...) +# 154| -1: [TypeAccess] ReflectionKt +# 154| 0: [VarAccess] p0 +# 154| 1: [VarAccess] p1 +# 1| 2: [IntegerLiteral] 0 +# 1| 3: [IntegerLiteral] 1 +# 1| 4: [NullLiteral] null +# 154| 1: [ExprStmt] ; +# 154| 0: [MemberRefExpr] ...::... +# 154| -4: [AnonymousClass] new Function2(...) { ... } +# 154| 1: [Constructor] +# 154| 5: [BlockStmt] { ... } +# 154| 0: [SuperConstructorInvocationStmt] super(...) +# 154| 0: [IntegerLiteral] 2 +# 154| 2: [Method] invoke +#-----| 4: (Parameters) +# 154| 0: [Parameter] a0 +# 154| 1: [Parameter] a1 +# 154| 5: [BlockStmt] { ... } +# 154| 0: [ReturnStmt] return ... +# 154| 0: [MethodAccess] extTakesOptionalParam(...) +# 154| -1: [ClassInstanceExpr] new (...) +# 154| -3: [TypeAccess] Object +# 154| 0: [VarAccess] a0 +# 154| 1: [VarAccess] a1 +# 154| -3: [TypeAccess] Function2 +# 154| 0: [TypeAccess] String +# 154| 1: [TypeAccess] Integer +# 154| 2: [TypeAccess] Integer +# 159| 22: [Method] expectsOneParamCons +# 159| 3: [TypeAccess] ConstructorOptional +#-----| 4: (Parameters) +# 159| 0: [Parameter] f +# 159| 0: [TypeAccess] Function1 +# 159| 0: [WildcardTypeAccess] ? ... +# 159| 1: [TypeAccess] Integer +# 159| 1: [TypeAccess] ConstructorOptional +# 159| 5: [BlockStmt] { ... } +# 159| 0: [ReturnStmt] return ... +# 159| 0: [MethodAccess] invoke(...) +# 159| -1: [VarAccess] f +# 159| 0: [IntegerLiteral] 0 +# 161| 23: [Method] constructorAdaptedParams +# 161| 3: [TypeAccess] Unit +# 161| 5: [BlockStmt] { ... } +# 162| 0: [ExprStmt] ; +# 162| 0: [ImplicitCoercionToUnitExpr] +# 162| 0: [TypeAccess] Unit +# 162| 1: [MethodAccess] expectsOneParamCons(...) +# 162| -1: [TypeAccess] ReflectionKt +# 162| 0: [StmtExpr] +# 162| 0: [BlockStmt] { ... } +# 162| 0: [LocalTypeDeclStmt] class ... +# 162| 0: [LocalClass] +# 162| 1: [Constructor] +# 162| 5: [BlockStmt] { ... } +# 162| 0: [SuperConstructorInvocationStmt] super(...) +# 162| 2: [Method] +# 162| 3: [TypeAccess] ConstructorOptional +#-----| 4: (Parameters) +# 162| 0: [Parameter] p0 +# 162| 0: [TypeAccess] int +# 162| 5: [BlockStmt] { ... } +# 162| 0: [ReturnStmt] return ... +# 162| 0: [ClassInstanceExpr] new ConstructorOptional(...) +# 162| -3: [TypeAccess] ConstructorOptional +# 162| 0: [VarAccess] p0 +# 1| 1: [IntegerLiteral] 0 +# 1| 2: [IntegerLiteral] 1 +# 1| 3: [NullLiteral] null +# 162| 1: [ExprStmt] ; +# 162| 0: [MemberRefExpr] ...::... +# 162| -4: [AnonymousClass] new Function1(...) { ... } +# 162| 1: [Constructor] +# 162| 5: [BlockStmt] { ... } +# 162| 0: [SuperConstructorInvocationStmt] super(...) +# 162| 0: [IntegerLiteral] 1 +# 162| 2: [Method] invoke +#-----| 4: (Parameters) +# 162| 0: [Parameter] a0 +# 162| 5: [BlockStmt] { ... } +# 162| 0: [ReturnStmt] return ... +# 162| 0: [MethodAccess] (...) +# 162| -1: [ClassInstanceExpr] new (...) +# 162| -3: [TypeAccess] Object +# 162| 0: [VarAccess] a0 +# 162| -3: [TypeAccess] Function1 +# 162| 0: [TypeAccess] Integer +# 162| 1: [TypeAccess] ConstructorOptional # 5| 2: [Class] Reflection # 5| 1: [Constructor] Reflection # 5| 5: [BlockStmt] { ... } @@ -296,6 +752,7 @@ reflection.kt: # 7| 1: [Constructor] # 7| 5: [BlockStmt] { ... } # 7| 0: [SuperConstructorInvocationStmt] super(...) +# 7| 0: [IntegerLiteral] 2 # 7| 2: [Method] invoke #-----| 4: (Parameters) # 7| 0: [Parameter] a0 @@ -362,6 +819,7 @@ reflection.kt: # 14| 0: [Parameter] # 14| 5: [BlockStmt] { ... } # 14| 0: [SuperConstructorInvocationStmt] super(...) +# 14| 0: [IntegerLiteral] 1 # 14| 1: [ExprStmt] ; # 14| 0: [AssignExpr] ...=... # 14| 0: [VarAccess] this. @@ -473,6 +931,7 @@ reflection.kt: # 21| 0: [Parameter] # 21| 5: [BlockStmt] { ... } # 21| 0: [SuperConstructorInvocationStmt] super(...) +# 21| 0: [IntegerLiteral] 2 # 21| 1: [ExprStmt] ; # 21| 0: [AssignExpr] ...=... # 21| 0: [VarAccess] this. @@ -678,6 +1137,7 @@ reflection.kt: # 60| 1: [Constructor] # 60| 5: [BlockStmt] { ... } # 60| 0: [SuperConstructorInvocationStmt] super(...) +# 60| 0: [IntegerLiteral] 2 # 60| 2: [Method] invoke #-----| 4: (Parameters) # 60| 0: [Parameter] a0 @@ -702,6 +1162,7 @@ reflection.kt: # 61| 0: [Parameter] # 61| 5: [BlockStmt] { ... } # 61| 0: [SuperConstructorInvocationStmt] super(...) +# 61| 0: [IntegerLiteral] 1 # 61| 1: [ExprStmt] ; # 61| 0: [AssignExpr] ...=... # 61| 0: [VarAccess] this. @@ -733,6 +1194,7 @@ reflection.kt: # 62| 1: [Constructor] # 62| 5: [BlockStmt] { ... } # 62| 0: [SuperConstructorInvocationStmt] super(...) +# 62| 0: [IntegerLiteral] 1 # 62| 2: [Method] invoke #-----| 4: (Parameters) # 62| 0: [Parameter] a0 @@ -756,6 +1218,7 @@ reflection.kt: # 63| 0: [Parameter] # 63| 5: [BlockStmt] { ... } # 63| 0: [SuperConstructorInvocationStmt] super(...) +# 63| 0: [IntegerLiteral] 0 # 63| 1: [ExprStmt] ; # 63| 0: [AssignExpr] ...=... # 63| 0: [VarAccess] this. @@ -785,6 +1248,7 @@ reflection.kt: # 64| 1: [Constructor] # 64| 5: [BlockStmt] { ... } # 64| 0: [SuperConstructorInvocationStmt] super(...) +# 64| 0: [IntegerLiteral] 1 # 64| 2: [Method] invoke #-----| 4: (Parameters) # 64| 0: [Parameter] a0 @@ -807,6 +1271,7 @@ reflection.kt: # 65| 0: [Parameter] # 65| 5: [BlockStmt] { ... } # 65| 0: [SuperConstructorInvocationStmt] super(...) +# 65| 0: [IntegerLiteral] 0 # 65| 1: [ExprStmt] ; # 65| 0: [AssignExpr] ...=... # 65| 0: [VarAccess] this. @@ -1077,6 +1542,7 @@ reflection.kt: # 90| 0: [Parameter] # 90| 5: [BlockStmt] { ... } # 90| 0: [SuperConstructorInvocationStmt] super(...) +# 90| 0: [IntegerLiteral] 1 # 90| 1: [ExprStmt] ; # 90| 0: [AssignExpr] ...=... # 90| 0: [VarAccess] this. @@ -1210,6 +1676,7 @@ reflection.kt: # 116| 1: [Constructor] # 116| 5: [BlockStmt] { ... } # 116| 0: [SuperConstructorInvocationStmt] super(...) +# 116| 0: [IntegerLiteral] 1 # 116| 2: [Method] invoke #-----| 4: (Parameters) # 116| 0: [Parameter] a0 @@ -1222,3 +1689,83 @@ reflection.kt: # 116| -3: [TypeAccess] Function1 # 116| 0: [TypeAccess] Integer # 116| 1: [TypeAccess] Unit +# 139| 9: [Class] MemberOptionalsTest +# 139| 1: [Constructor] MemberOptionalsTest +# 139| 5: [BlockStmt] { ... } +# 139| 0: [SuperConstructorInvocationStmt] super(...) +# 139| 1: [BlockStmt] { ... } +# 140| 2: [Method] takesOptionalParam +# 140| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 140| 0: [Parameter] x +# 140| 0: [TypeAccess] int +# 140| 1: [Parameter] y +# 140| 0: [TypeAccess] int +# 140| 5: [BlockStmt] { ... } +# 140| 0: [ReturnStmt] return ... +# 140| 0: [AddExpr] ... + ... +# 140| 0: [VarAccess] x +# 140| 1: [VarAccess] y +# 140| 3: [Method] takesOptionalParam$default +# 140| 3: [TypeAccess] int +#-----| 4: (Parameters) +# 140| 0: [Parameter] p0 +# 140| 0: [TypeAccess] MemberOptionalsTest +# 140| 1: [Parameter] p1 +# 140| 0: [TypeAccess] int +# 140| 2: [Parameter] p2 +# 140| 0: [TypeAccess] int +# 140| 3: [Parameter] p3 +# 140| 0: [TypeAccess] int +# 140| 4: [Parameter] p4 +# 140| 0: [TypeAccess] Object +# 140| 5: [BlockStmt] { ... } +# 140| 0: [IfStmt] if (...) +# 140| 0: [EQExpr] ... == ... +# 140| 0: [AndBitwiseExpr] ... & ... +# 140| 0: [IntegerLiteral] 2 +# 140| 1: [VarAccess] p3 +# 140| 1: [IntegerLiteral] 0 +# 140| 1: [ExprStmt] ; +# 140| 0: [AssignExpr] ...=... +# 140| 0: [VarAccess] p2 +# 140| 1: [IntegerLiteral] 0 +# 140| 1: [ReturnStmt] return ... +# 140| 0: [MethodAccess] takesOptionalParam(...) +# 140| -1: [VarAccess] p0 +# 140| 0: [VarAccess] p1 +# 140| 1: [VarAccess] p2 +# 157| 10: [Class] ConstructorOptional +# 157| 1: [Constructor] ConstructorOptional +#-----| 4: (Parameters) +# 157| 0: [Parameter] x +# 157| 0: [TypeAccess] int +# 157| 1: [Parameter] y +# 157| 0: [TypeAccess] int +# 157| 5: [BlockStmt] { ... } +# 157| 0: [SuperConstructorInvocationStmt] super(...) +# 157| 1: [BlockStmt] { ... } +# 157| 2: [Constructor] ConstructorOptional +#-----| 4: (Parameters) +# 157| 0: [Parameter] p0 +# 157| 0: [TypeAccess] int +# 157| 1: [Parameter] p1 +# 157| 0: [TypeAccess] int +# 157| 2: [Parameter] p2 +# 157| 0: [TypeAccess] int +# 157| 3: [Parameter] p3 +# 157| 0: [TypeAccess] DefaultConstructorMarker +# 157| 5: [BlockStmt] { ... } +# 157| 0: [IfStmt] if (...) +# 157| 0: [EQExpr] ... == ... +# 157| 0: [AndBitwiseExpr] ... & ... +# 157| 0: [IntegerLiteral] 2 +# 157| 1: [VarAccess] p2 +# 157| 1: [IntegerLiteral] 0 +# 157| 1: [ExprStmt] ; +# 157| 0: [AssignExpr] ...=... +# 157| 0: [VarAccess] p1 +# 157| 1: [IntegerLiteral] 0 +# 157| 1: [ThisConstructorInvocationStmt] this(...) +# 157| 0: [VarAccess] p0 +# 157| 1: [VarAccess] p1 diff --git a/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.expected b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql new file mode 100644 index 00000000000..854bfbc5af4 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/reflection/checkParameterCounts.ql @@ -0,0 +1,9 @@ +import java + +from Call call, Callable callable, int argCount, int paramCount +where + call.getCallee() = callable and + argCount = count(call.getAnArgument()) and + paramCount = count(callable.getAParameter()) and + argCount != paramCount +select "Call should have " + paramCount + " arguments but actually has " + argCount, call, callable diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.expected b/java/ql/test/kotlin/library-tests/reflection/reflection.expected index 523ebd93d44..df62f83bac2 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.expected +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.expected @@ -2,21 +2,21 @@ variableInitializerType | reflection.kt:7:9:7:54 | KFunction ref | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:7:49:7:54 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:7:9:7:54 | KFunction ref | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:7:49:7:54 | new Function2(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///KProperty1.class:0:0:0:0 | KProperty1 | true | -| reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///PropertyReference1.class:0:0:0:0 | PropertyReference1 | true | +| reflection.kt:10:9:10:42 | KProperty1 x0 | file:///KProperty1.class:0:0:0:0 | KProperty1 | reflection.kt:10:38:10:42 | new KProperty1(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:13:9:13:53 | Getter x3 | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///Function1.class:0:0:0:0 | Function1 | true | | reflection.kt:13:9:13:53 | Getter x3 | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty1$Getter.class:0:0:0:0 | Getter | file:///KProperty$Getter.class:0:0:0:0 | Getter | true | | reflection.kt:14:9:14:44 | KFunction x4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:14:38:14:44 | new Function1(...) { ... } | file:///Function1.class:0:0:0:0 | Function1 | true | | reflection.kt:14:9:14:44 | KFunction x4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:14:38:14:44 | new Function1(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///KProperty0.class:0:0:0:0 | KProperty0 | true | -| reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///PropertyReference0.class:0:0:0:0 | PropertyReference0 | true | +| reflection.kt:15:9:15:41 | KProperty0 x5 | file:///KProperty0.class:0:0:0:0 | KProperty0 | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | true | -| reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///MutablePropertyReference1.class:0:0:0:0 | MutablePropertyReference1 | true | +| reflection.kt:17:9:17:49 | KMutableProperty1 y0 | file:///KMutableProperty1.class:0:0:0:0 | KMutableProperty1 | reflection.kt:17:45:17:49 | new KMutableProperty1(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:20:9:20:60 | Setter y3 | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:20:9:20:60 | Setter y3 | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty1$Setter.class:0:0:0:0 | Setter | file:///KMutableProperty$Setter.class:0:0:0:0 | Setter | true | | reflection.kt:21:9:21:50 | KFunction y4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:21:44:21:50 | new Function2(...) { ... } | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:21:9:21:50 | KFunction y4 | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:21:44:21:50 | new Function2(...) { ... } | file:///FunctionReference.class:0:0:0:0 | FunctionReference | true | | reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | true | -| reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///MutablePropertyReference0.class:0:0:0:0 | MutablePropertyReference0 | true | +| reflection.kt:22:9:22:48 | KMutableProperty0 y5 | file:///KMutableProperty0.class:0:0:0:0 | KMutableProperty0 | reflection.kt:22:42:22:48 | new KMutableProperty0(...) { ... } | file:///PropertyReference.class:0:0:0:0 | PropertyReference | true | | reflection.kt:24:9:24:91 | KProperty2 prop | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///Function2.class:0:0:0:0 | Function2 | true | | reflection.kt:24:9:24:91 | KProperty2 prop | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty2.class:0:0:0:0 | KProperty2 | file:///KProperty.class:0:0:0:0 | KProperty | true | | reflection.kt:116:9:116:44 | KFunction x | file:///KFunction.class:0:0:0:0 | KFunction | reflection.kt:116:40:116:44 | new Function1(...) { ... } | file:///Function1.class:0:0:0:0 | Function1 | true | @@ -51,7 +51,13 @@ functionReferences | reflection.kt:98:14:98:17 | ...::... | reflection.kt:98:14:98:17 | invoke | reflection.kt:94:1:94:24 | fn | | reflection.kt:99:14:99:29 | ...::... | reflection.kt:99:14:99:29 | invoke | file:///Class2$Inner.class:0:0:0:0 | Inner | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | invoke | reflection.kt:115:9:115:27 | fn1 | -| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | reflection.kt:121:1:121:13 | fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1 | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | takesOptionalParam | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | takesOptionalParam | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | takesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | extTakesOptionalParam | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | extTakesOptionalParam | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | | propertyGetReferences | reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | get | reflection.kt:33:9:33:23 | getP0 | | reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | get | reflection.kt:33:9:33:23 | getP0 | @@ -115,7 +121,20 @@ callsInsideInvocationMethods | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | set | reflection.kt:109:17:109:27 | setProp1(...) | Base1.setProp1 | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | new Function1(...) { ... } | reflection.kt:116:40:116:44 | invoke | reflection.kt:116:40:116:44 | fn1(...) | LocalFn$.fn1 | | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | new Function1(...) { ... } | reflection.kt:116:40:116:44 | invoke | reflection.kt:116:40:116:44 | new (...) | LocalFn$. | -| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1(...) | ReflectionKt.fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | fn1(...) | ReflectionKt$.fn1 | +| reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | new Function0(...) { ... } | reflection.kt:126:9:126:13 | invoke | reflection.kt:126:9:126:13 | new (...) | ReflectionKt$. | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | new Function1(...) { ... } | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | new (...) | ReflectionKt$. | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | new Function1(...) { ... } | reflection.kt:134:21:134:40 | invoke | reflection.kt:134:21:134:40 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | new (...) | ReflectionKt$. | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | new Function2(...) { ... } | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | new (...) | ReflectionKt$. | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | new Function2(...) { ... } | reflection.kt:145:32:145:70 | invoke | reflection.kt:145:32:145:70 | takesOptionalParam(...) | ReflectionKt$.takesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | extTakesOptionalParam(...) | ReflectionKt$.extTakesOptionalParam | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | new (...) | ReflectionKt$. | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | new Function2(...) { ... } | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | extTakesOptionalParam(...) | ReflectionKt$.extTakesOptionalParam | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | new Function2(...) { ... } | reflection.kt:154:33:154:61 | invoke | reflection.kt:154:33:154:61 | new (...) | ReflectionKt$. | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | new Function1(...) { ... } | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | (...) | ReflectionKt$. | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | new Function1(...) { ... } | reflection.kt:162:25:162:45 | invoke | reflection.kt:162:25:162:45 | new (...) | ReflectionKt$. | fieldAccessInsideInvocationMethods | reflection.kt:14:38:14:44 | ...::... | reflection.kt:14:38:14:44 | new Function1(...) { ... } | reflection.kt:14:38:14:44 | invoke | reflection.kt:14:38:14:44 | this. | | reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | new KProperty0(...) { ... } | reflection.kt:15:35:15:41 | get | reflection.kt:15:35:15:41 | this. | @@ -138,6 +157,8 @@ fieldAccessInsideInvocationMethods | reflection.kt:99:14:99:29 | ...::... | reflection.kt:99:14:99:29 | new Function1>(...) { ... } | reflection.kt:99:14:99:29 | invoke | reflection.kt:99:14:99:29 | this. | | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | get | reflection.kt:109:17:109:27 | this. | | reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | new KMutableProperty0(...) { ... } | reflection.kt:109:17:109:27 | set | reflection.kt:109:17:109:27 | this. | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | new Function1(...) { ... } | reflection.kt:144:21:144:41 | invoke | reflection.kt:144:21:144:41 | this. | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | new Function1(...) { ... } | reflection.kt:153:21:153:44 | invoke | reflection.kt:153:21:153:44 | this. | modifiers | reflection.kt:7:49:7:54 | ...::... | reflection.kt:7:49:7:54 | invoke | override | | reflection.kt:7:49:7:54 | ...::... | reflection.kt:7:49:7:54 | invoke | public | @@ -229,6 +250,18 @@ modifiers | reflection.kt:116:40:116:44 | ...::... | reflection.kt:116:40:116:44 | invoke | public | | reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | override | | reflection.kt:126:9:126:13 | ...::... | reflection.kt:126:9:126:13 | invoke | public | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | override | +| reflection.kt:134:21:134:40 | ...::... | reflection.kt:134:21:134:40 | invoke | public | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | override | +| reflection.kt:144:21:144:41 | ...::... | reflection.kt:144:21:144:41 | invoke | public | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | override | +| reflection.kt:145:32:145:70 | ...::... | reflection.kt:145:32:145:70 | invoke | public | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | override | +| reflection.kt:153:21:153:44 | ...::... | reflection.kt:153:21:153:44 | invoke | public | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | override | +| reflection.kt:154:33:154:61 | ...::... | reflection.kt:154:33:154:61 | invoke | public | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | override | +| reflection.kt:162:25:162:45 | ...::... | reflection.kt:162:25:162:45 | invoke | public | compGenerated | file:///Class2.class:0:0:0:0 | getValue | 3 | | file:///Class2.class:0:0:0:0 | getValue | 3 | @@ -243,3 +276,261 @@ compGenerated | reflection.kt:105:18:105:31 | getProp1 | 3 | | reflection.kt:105:18:105:31 | setProp1 | 3 | | reflection.kt:126:9:126:13 | | 1 | +| reflection.kt:131:1:131:50 | takesOptionalParam$default | 10 | +| reflection.kt:134:21:134:40 | | 1 | +| reflection.kt:140:5:140:54 | takesOptionalParam$default | 10 | +| reflection.kt:144:21:144:41 | | 1 | +| reflection.kt:145:32:145:70 | | 1 | +| reflection.kt:150:1:150:60 | extTakesOptionalParam$default | 10 | +| reflection.kt:153:21:153:44 | | 1 | +| reflection.kt:154:33:154:61 | | 1 | +| reflection.kt:157:1:157:49 | ConstructorOptional | 10 | +| reflection.kt:162:25:162:45 | | 1 | +propertyReferenceOverrides +| reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | get | kotlin.reflect.KProperty1.get(Reflection.C) | +| reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | invoke | kotlin.jvm.functions.Function1.invoke(Reflection.C) | +| reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:15:35:15:41 | ...::... | reflection.kt:15:35:15:41 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:17:45:17:49 | ...::... | reflection.kt:17:45:17:49 | get | kotlin.reflect.KProperty1.get(Reflection.C) | +| reflection.kt:17:45:17:49 | ...::... | reflection.kt:17:45:17:49 | invoke | kotlin.jvm.functions.Function1.invoke(Reflection.C) | +| reflection.kt:22:42:22:48 | ...::... | reflection.kt:22:42:22:48 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:22:42:22:48 | ...::... | reflection.kt:22:42:22:48 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:50:13:50:28 | ...::... | reflection.kt:50:13:50:28 | get | kotlin.reflect.KProperty1.get(java.lang.String) | +| reflection.kt:50:13:50:28 | ...::... | reflection.kt:50:13:50:28 | invoke | kotlin.jvm.functions.Function1.invoke(java.lang.String) | +| reflection.kt:51:13:51:28 | ...::... | reflection.kt:51:13:51:28 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:51:13:51:28 | ...::... | reflection.kt:51:13:51:28 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | get | kotlin.reflect.KProperty1,Integer>.get(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | invoke | kotlin.jvm.functions.Function1,Integer>.invoke(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | reflection.kt:67:17:67:32 | set | kotlin.reflect.KMutableProperty1,Integer>.set(Class1.Generic,java.lang.Integer) | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:68:17:68:34 | ...::... | reflection.kt:68:17:68:34 | set | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:70:17:70:30 | ...::... | reflection.kt:70:17:70:30 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:70:17:70:30 | ...::... | reflection.kt:70:17:70:30 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:71:17:71:34 | ...::... | reflection.kt:71:17:71:34 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:71:17:71:34 | ...::... | reflection.kt:71:17:71:34 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:72:17:72:35 | ...::... | reflection.kt:72:17:72:35 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:72:17:72:35 | ...::... | reflection.kt:72:17:72:35 | invoke | kotlin.jvm.functions.Function0.invoke() | +| reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | get | kotlin.reflect.KProperty0.get() | +| reflection.kt:109:17:109:27 | ...::... | reflection.kt:109:17:109:27 | invoke | kotlin.jvm.functions.Function0.invoke() | +notImplementedInterfaceMembers +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty1.getDelegate(Reflection.C) | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:10:38:10:42 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:15:35:15:41 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty1.getSetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty1.set(Reflection.C,java.lang.Integer) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty1.getDelegate(Reflection.C) | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:17:45:17:49 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:22:42:22:48 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty1.getDelegate(java.lang.String) | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty1.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:50:13:50:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:51:13:51:28 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KMutableProperty1,Integer>.getSetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty1,Integer>.getDelegate(Class1.Generic) | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty1,Integer>.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:67:17:67:32 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:68:17:68:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:70:17:70:30 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:71:17:71:34 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:72:17:72:35 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.call(java.lang.Object[]) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.callBy(java.util.Map) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getName() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getParameters() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getReturnType() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getTypeParameters() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.getVisibility() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isAbstract() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isFinal() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isOpen() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KCallable.isSuspend() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty0.getSetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty0.set(java.lang.Integer) | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KMutableProperty.getSetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty0.getDelegate() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty0.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.getGetter() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.isConst() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.isLateinit() | +| reflection.kt:109:17:109:27 | ...::... | kotlin.reflect.KProperty.getGetter() | diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.kt b/java/ql/test/kotlin/library-tests/reflection/reflection.kt index 1e3d8555400..9d9c74835d9 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.kt +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.kt @@ -124,4 +124,40 @@ fun fn2(f: () -> Unit) = f() fun adapted() { fn2(::fn1) -} \ No newline at end of file +} + +fun expectsOneParam(f: (Int) -> Int) = f(0) + +fun takesOptionalParam(x: Int, y: Int = 0) = x + y + +fun adaptedParams() { + expectsOneParam(::takesOptionalParam) +} + +fun expectsOneParamAndReceiver(f: (MemberOptionalsTest, Int) -> Int) { } + +class MemberOptionalsTest { + fun takesOptionalParam(x: Int, y: Int = 0) = x + y +} + +fun memberAdaptedParams(m: MemberOptionalsTest) { + expectsOneParam(m::takesOptionalParam) + expectsOneParamAndReceiver(MemberOptionalsTest::takesOptionalParam) +} + +fun expectsOneParamAndExtension(f: (String, Int) -> Int) { } + +fun String.extTakesOptionalParam(x: Int, y: Int = 0) = x + y + +fun extensionAdaptedParams(s: String) { + expectsOneParam(s::extTakesOptionalParam) + expectsOneParamAndExtension(String::extTakesOptionalParam) +} + +class ConstructorOptional(x: Int, y: Int = 0) { } + +fun expectsOneParamCons(f: (Int) -> ConstructorOptional) = f(0) + +fun constructorAdaptedParams() { + expectsOneParamCons(::ConstructorOptional) +} diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.ql b/java/ql/test/kotlin/library-tests/reflection/reflection.ql index 98b6964af3b..09256d22a85 100644 --- a/java/ql/test/kotlin/library-tests/reflection/reflection.ql +++ b/java/ql/test/kotlin/library-tests/reflection/reflection.ql @@ -87,3 +87,24 @@ query predicate modifiers(ClassInstanceExpr e, Method m, string modifier) { } query predicate compGenerated(Element e, int i) { compiler_generated(e, i) } + +query predicate propertyReferenceOverrides(PropertyRefExpr e, Method m, string overridden) { + e.getAnonymousClass().getAMember() = m and + exists(Method n | + m.overrides(n) and + overridden = n.getDeclaringType().getQualifiedName() + "." + n.getSignature() + ) +} + +query predicate notImplementedInterfaceMembers(PropertyRefExpr e, string interfaceMember) { + exists(Interface i, Method interfaceMethod | + e.getAnonymousClass().extendsOrImplements+(i) and + i.getAMethod() = interfaceMethod and + interfaceMember = i.getQualifiedName() + "." + interfaceMethod.getSignature() and + not exists(Class c, Method classMethod | + e.getAnonymousClass().extendsOrImplements*(c) and + c.getAMethod() = classMethod and + classMethod.overrides(interfaceMethod) + ) + ) +} diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref new file mode 100644 index 00000000000..4fc71295c2c --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref @@ -0,0 +1 @@ +Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql \ No newline at end of file diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt new file mode 100644 index 00000000000..e8ead8d323e --- /dev/null +++ b/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt @@ -0,0 +1,9 @@ +class C { + var p: Int + get() = 1 + set(value) {} + fun fn() { + val prop = C::p + prop(this) + } +} diff --git a/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt b/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt index b98ebcdf43e..138309dc9de 100644 --- a/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt +++ b/java/ql/test/kotlin/query-tests/UselessNullCheck/Test.kt @@ -9,3 +9,10 @@ fun fn(x:Any?, y: Any?) { println("y not null") } } + +fun fn0(o: Any?) { + if (o != null) { + o?.toString() + o.toString() + } +} diff --git a/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected b/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected index e69de29bb2d..5cb1138d992 100644 --- a/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected +++ b/java/ql/test/kotlin/query-tests/UselessNullCheck/UselessNullCheck.expected @@ -0,0 +1 @@ +| Test.kt:15:12:15:21 | ... (value equals) ... | This check is useless. $@ cannot be null at this check, since it is guarded by $@. | Test.kt:15:9:15:9 | tmp0_safe_receiver | tmp0_safe_receiver | Test.kt:14:9:14:17 | ... (value not-equals) ... | ... (value not-equals) ... | diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt index f476eba616c..8675f01bf58 100644 --- a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt +++ b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt @@ -7,3 +7,5 @@ class B : A { println("a") } } + +fun fn(a: Int = 10) {} diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected index e69de29bb2d..106448e7ed7 100644 --- a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected +++ b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected @@ -0,0 +1 @@ +| Test.kt:11:8:11:18 | a | The parameter 'a' is never used. | diff --git a/java/ql/test/library-tests/dataflow/stream-collect/A.java b/java/ql/test/library-tests/dataflow/stream-collect/A.java new file mode 100644 index 00000000000..9fff4598fa6 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/stream-collect/A.java @@ -0,0 +1,30 @@ +import java.util.*; +import java.util.stream.*; + +public class A { + String source() { return "source"; } + + void sink(Object o) { } + + void m() { + String[] xs = new String[] { source() }; + Stream s = Arrays.stream(xs); + + sink(s.collect(Collectors.maxBy(null)).get()); // $ hasValueFlow + sink(s.collect(Collectors.minBy(null)).get()); // $ hasValueFlow + sink(s.collect(Collectors.toCollection(null)).iterator().next()); // $ hasValueFlow + sink(s.collect(Collectors.toList()).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.toSet()).iterator().next()); // $ hasValueFlow + sink(s.collect(Collectors.toUnmodifiableList()).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.toUnmodifiableSet()).iterator().next()); // $ hasValueFlow + + // we don't attempt to cover weird things like this: + sink(s.collect(true ? Collectors.toList() : null).get(0)); // $ MISSING: hasValueFlow + + sink(s.collect(Collectors.joining())); // $ hasTaintFlow + + sink(s.collect(Collectors.groupingBy(null)).get(null).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.groupingByConcurrent(null)).get(null).get(0)); // $ hasValueFlow + sink(s.collect(Collectors.partitioningBy(null)).get(null).get(0)); // $ hasValueFlow + } +} diff --git a/java/ql/test/library-tests/dataflow/stream-collect/test.expected b/java/ql/test/library-tests/dataflow/stream-collect/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/dataflow/stream-collect/test.ql b/java/ql/test/library-tests/dataflow/stream-collect/test.ql new file mode 100644 index 00000000000..c4b63c87071 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/stream-collect/test.ql @@ -0,0 +1 @@ +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/library-tests/dataflow/synth-global/A.java b/java/ql/test/library-tests/dataflow/synth-global/A.java new file mode 100644 index 00000000000..05657d9d9c8 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/A.java @@ -0,0 +1,25 @@ +package my.qltest.synth; + +public class A { + void storeInArray(String x) { } + void storeTaintInArray(String x) { } + void storeValue(String x) { } + + String readValue() { return null; } + String readArray() { return null; } + + String source(String tag) { return "tainted"; } + + void sink(Object o) { } + + void stores() { + storeInArray(source("A")); + storeTaintInArray(source("B")); + storeValue(source("C")); + } + + void reads() { + sink(readValue()); // $ hasValueFlow=C + sink(readArray()); // $ hasValueFlow=A hasTaintFlow=B hasTaintFlow=C + } +} diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.expected b/java/ql/test/library-tests/dataflow/synth-global/test.expected new file mode 100644 index 00000000000..81332464f79 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/test.expected @@ -0,0 +1,2 @@ +failures +invalidModelRow diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.ql b/java/ql/test/library-tests/dataflow/synth-global/test.ql new file mode 100644 index 00000000000..47a1573865c --- /dev/null +++ b/java/ql/test/library-tests/dataflow/synth-global/test.ql @@ -0,0 +1,16 @@ +import java +import TestUtilities.InlineFlowTest +import CsvValidation + +class SummaryModelTest extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "my.qltest.synth;A;false;storeInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;value;manual", + "my.qltest.synth;A;false;storeTaintInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;taint;manual", + "my.qltest.synth;A;false;storeValue;(String);;Argument[0];SyntheticGlobal[db1];value;manual", + "my.qltest.synth;A;false;readValue;();;SyntheticGlobal[db1];ReturnValue;value;manual", + "my.qltest.synth;A;false;readArray;();;SyntheticGlobal[db1].ArrayElement;ReturnValue;value;manual", + ] + } +} diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java index c893e0b8eef..8343f50ace1 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java @@ -46,7 +46,7 @@ public class UnsafeHostnameVerification { private void functionThatActuallyDisablesVerification() { HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // GOOD [but detected as BAD], because we only // check guards inside a function - // and not accross function calls. This is considerer GOOD because the call to + // and not across function calls. This is considerer GOOD because the call to // `functionThatActuallyDisablesVerification` is guarded by a feature flag in // `testGuardedByFlagAccrossCalls`. // Although this is not ideal as another function could directly call diff --git a/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml new file mode 100644 index 00000000000..ba8b4c25f1a --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/AndroidManifest.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-441/Test.java b/java/ql/test/query-tests/security/CWE-441/Test.java new file mode 100644 index 00000000000..0bda0933115 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/Test.java @@ -0,0 +1,115 @@ +package test; + +import android.content.ContentResolver; +import android.net.Uri; +import android.app.Activity; + +public class Test extends Activity { + private void validateWithEquals(Uri uri) { + if (!uri.equals(Uri.parse("content://safe/uri"))) + throw new SecurityException(); + } + + private void validateWithAllowList(Uri uri) throws SecurityException { + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (!normalized.startsWith("/safe/path")) + throw new SecurityException(); + } + + private void validateWithBlockList(Uri uri) throws SecurityException { + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + } + + public void onCreate() { + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + contentResolver.openInputStream(uri); // $ hasTaintFlow + contentResolver.openOutputStream(uri); // $ hasTaintFlow + contentResolver.openAssetFile(uri, null, null); // $ hasTaintFlow + contentResolver.openAssetFileDescriptor(uri, null); // $ hasTaintFlow + contentResolver.openFile(uri, null, null); // $ hasTaintFlow + contentResolver.openFileDescriptor(uri, null); // $ hasTaintFlow + contentResolver.openTypedAssetFile(uri, null, null, null); // $ hasTaintFlow + contentResolver.openTypedAssetFileDescriptor(uri, null, null); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + // Equals checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + if (!uri.equals(Uri.parse("content://safe/uri"))) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithEquals(uri); + contentResolver.openInputStream(uri); // Safe + } + // Allow list checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (!path.startsWith("/safe/path")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (!normalized.startsWith("/safe/path")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithAllowList(uri); + contentResolver.openInputStream(uri); // Safe + } + // Block list checks + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + if (path.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // $ hasTaintFlow + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + String path = uri.getPath(); + java.nio.file.Path normalized = + java.nio.file.FileSystems.getDefault().getPath(path).normalize(); + if (normalized.startsWith("/data")) + throw new SecurityException(); + contentResolver.openInputStream(uri); // Safe + } + { + ContentResolver contentResolver = getContentResolver(); + Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); + validateWithBlockList(uri); + contentResolver.openInputStream(uri); // Safe + } + } +} diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql new file mode 100644 index 00000000000..b087c0c1010 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql @@ -0,0 +1,11 @@ +import java +import TestUtilities.InlineFlowTest +import semmle.code.java.security.UnsafeContentUriResolutionQuery + +class Test extends InlineFlowTest { + override DataFlow::Configuration getValueFlowConfig() { none() } + + override TaintTracking::Configuration getTaintFlowConfig() { + result instanceof UnsafeContentResolutionConf + } +} diff --git a/java/ql/test/query-tests/security/CWE-441/options b/java/ql/test/query-tests/security/CWE-441/options new file mode 100644 index 00000000000..dacd3cb21df --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-441/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0 diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml new file mode 100644 index 00000000000..928dc72a665 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/AndroidManifest.xml @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql new file mode 100644 index 00000000000..9ba691685eb --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql @@ -0,0 +1,22 @@ +import java +import semmle.code.xml.AndroidManifest +import TestUtilities.InlineExpectationsTest + +class ContentProviderIncompletePermissionsTest extends InlineExpectationsTest { + ContentProviderIncompletePermissionsTest() { this = "ContentProviderIncompletePermissionsTest" } + + override string getARelevantTag() { result = "hasIncompletePermissions" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasIncompletePermissions" and + exists(AndroidProviderXmlElement provider | + provider.getLocation() = location and + provider.toString() = element and + value = "" + | + not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and + provider.hasIncompletePermissions() and + provider.isExported() + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml new file mode 100644 index 00000000000..61eca7c0825 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-926/incomplete_provider_permissions/Testbuild/AndroidManifest.xml @@ -0,0 +1,25 @@ + + + + + + + + diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll index 4b1a5778cc0..4464842bc38 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll @@ -151,7 +151,7 @@ private int getMaxChars() { result = 1000000 } */ string getBodyTokensFeature(Function function) { // Performance optimization: If a function has more than 256 body subtokens, then featurize it as - // absent. This approximates the behavior of the classifer on non-generic body features where + // absent. This approximates the behavior of the classifier on non-generic body features where // large body features are replaced by the absent token. // // We count nodes instead of tokens because tokens are often not unique. diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml index b437e4de0ba..45d58aae0aa 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-experimental-atm-lib -version: 0.3.4 +version: 0.3.6 extractor: javascript library: true groups: diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql index 8df29c69715..9ae36f2c834 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountNosqlInjection.ql @@ -2,7 +2,7 @@ * For internal use only. * * - * Count the number of sinks and alerts for the `NosqlInection` security query. + * Count the number of sinks and alerts for the `NosqlInjection` security query. */ import semmle.javascript.security.dataflow.NosqlInjectionQuery diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql index 2842c348381..55aade38fd5 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountSqlInjection.ql @@ -2,7 +2,7 @@ * For internal use only. * * - * Count the number of sinks and alerts for the `SqlInection` security query. + * Count the number of sinks and alerts for the `SqlInjection` security query. */ import semmle.javascript.security.dataflow.SqlInjectionQuery diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql deleted file mode 100644 index 716702c27f1..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * NosqlInjection.ql - * - * Version of the standard NoSQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof NosqlInjection::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql deleted file mode 100644 index 38b2de667cf..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * NosqlInjectionATM.ql - * - * Version of the boosted NoSQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.NosqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql deleted file mode 100644 index 1db2d35bd75..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * NosqlInjectionATMLite.ql - * - * Arbitrarily ranked version of the boosted NoSQL injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.NosqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql deleted file mode 100644 index b0aab6dde4b..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * SqlInjection.ql - * - * Version of the standard SQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof SqlInjection::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql deleted file mode 100644 index da6dbe18972..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * SqlInjectionATM.ql - * - * Version of the boosted SQL injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.SqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql deleted file mode 100644 index 2d07af7a317..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * SqlInjectionATMLite.ql - * - * Arbitrarily ranked version of the boosted SQL injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.SqlInjectionATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql deleted file mode 100644 index ecf3238e980..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * TaintedPath.ql - * - * Version of the standard path injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof TaintedPath::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql deleted file mode 100644 index b4fc49a6eb6..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql +++ /dev/null @@ -1,28 +0,0 @@ -/** - * TaintedPathATM.ql - * - * Version of the boosted path injection query with an output relation ready to plug into the - * evaluation pipeline. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.TaintedPathATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql deleted file mode 100644 index 74ff55e72a6..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * TaintedPathATMLite.ql - * - * Arbitrarily ranked version of the boosted path injection query with an output relation ready to - * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint - * filters, and (b) as a baseline to compare the model against. - */ - -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.TaintedPathATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql deleted file mode 100644 index 4047fabdbec..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Xss.ql - * - * Version of the standard XSS query with an output relation ready to plug into the evaluation - * pipeline. - */ - -import javascript -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss -import EndToEndEvaluation as EndToEndEvaluation - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource -where - cfg instanceof DomBasedXss::Configuration and - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql deleted file mode 100644 index 2db5d017bb9..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql +++ /dev/null @@ -1,29 +0,0 @@ -/** - * XssATM.ql - * - * Version of the boosted XSS query with an output relation ready to plug into the evaluation - * pipeline. - */ - -import javascript -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.XssATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - getScoreForFlow(source, sink) = score -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql deleted file mode 100644 index 52f9ab68ea2..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql +++ /dev/null @@ -1,30 +0,0 @@ -/** - * XssATMLite.ql - * - * Arbitrarily ranked version of the boosted XSS query with an output relation ready to plug into - * the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint filters, - * and (b) as a baseline to compare the model against. - */ - -import javascript -import ATM::ResultsInfo -import EndToEndEvaluation as EndToEndEvaluation -import experimental.adaptivethreatmodeling.XssATM - -from - DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink, - int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource, - int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score -where - cfg.hasFlow(source, sink) and - not EndToEndEvaluation::isFlowExcluded(source, sink) and - not isFlowLikelyInBaseQuery(source, sink) and - sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and - source - .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource, - endColumnSource) and - score = 0 -select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by - score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource, - startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql deleted file mode 100644 index 52885baec9b..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql +++ /dev/null @@ -1,25 +0,0 @@ -/* - * For internal use only. - * - * Extracts evaluation data we can use to evaluate ML models for ML-powered queries. - */ - -import javascript -import ExtractEndpointData as ExtractEndpointData - -query predicate endpoints( - DataFlow::Node endpoint, string queryName, string key, string value, string valueType -) { - ExtractEndpointData::endpoints(endpoint, queryName, key, value, valueType) and - // only select endpoints that are either Sink, NotASink or Unknown - ExtractEndpointData::endpoints(endpoint, queryName, "sinkLabel", ["Sink", "NotASink", "Unknown"], - "string") and - // do not select endpoints filtered out by end-to-end evaluation - ExtractEndpointData::endpoints(endpoint, queryName, "isExcludedFromEndToEndEvaluation", "false", - "boolean") -} - -query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) { - endpoints(endpoint, _, _, _, _) and - ExtractEndpointData::tokenFeatures(endpoint, featureName, featureValue) -} diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml index bb195f22f90..a09e499a7a9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml @@ -6,4 +6,4 @@ groups: - experimental dependencies: codeql/javascript-experimental-atm-lib: "*" - codeql/javascript-experimental-atm-model: "0.2.0" + codeql/javascript-experimental-atm-model: "0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d" diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml index 0942785b20a..743ea610e48 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/javascript-experimental-atm-queries language: javascript -version: 0.3.4 +version: 0.3.6 suites: codeql-suites defaultSuiteFile: codeql-suites/javascript-atm-code-scanning.qls groups: @@ -8,4 +8,4 @@ groups: - experimental dependencies: codeql/javascript-experimental-atm-lib: "*" - codeql/javascript-experimental-atm-model: "0.2.0" + codeql/javascript-experimental-atm-model: "0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d" diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml b/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml index 9486bf8ef42..46630e15fd9 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml +++ b/javascript/ql/experimental/adaptivethreatmodeling/test/codeql-pack.lock.yml @@ -1,6 +1,6 @@ --- dependencies: codeql/javascript-experimental-atm-model: - version: 0.2.0 + version: 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d compiled: false lockVersion: 1.0.0 diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected deleted file mode 100644 index 6a06015ed47..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected +++ /dev/null @@ -1,49956 +0,0 @@ -endpoints -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | notASinkReason | EventRegistration | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | notASinkReason | DatabaseAccess | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | notASinkReason | StringStartsWith | string | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | sinkLabel | NotASink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | sinkLabel | Sink | string | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '

    ' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    ' | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    " | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "
    ") | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | notASinkReason | ConstantReceiver | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | notASinkReason | ClientRequest | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | notASinkReason | ReceiverStorage | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | notASinkReason | StringRegExpTest | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | hasFlowFromSource | true | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '
    • ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | notASinkReason | FileSystemAccess | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | notASinkReason | BuiltinCallName | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\""" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | notASinkReason | LoggerMethod | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | notASinkReason | MembershipCandidateTest | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 |
    | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n m ... }\\n} | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | DOM | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | notASinkReason | JQueryArgument | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | sinkLabel | NotASink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | sinkLabel | Unknown | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isConstantExpression | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | sinkLabel | Sink | string | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | hasFlowFromSource | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | isConstantExpression | true | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | Xss | sinkLabel | Unknown | string | -| index.js:1:20:1:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | isConstantExpression | true | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:1:20:1:23 | "fs" | TaintedPath | sinkLabel | Sink | string | -| index.js:16:19:16:30 | "underscore" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | isConstantExpression | true | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:16:19:16:30 | "underscore" | TaintedPath | sinkLabel | Sink | string | -| index.js:17:16:17:30 | "child_process" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | isConstantExpression | true | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:17:16:17:30 | "child_process" | TaintedPath | sinkLabel | Sink | string | -| index.js:21:9:21:9 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | NosqlInjection | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | SqlInjection | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | SqlInjection | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | TaintedPath | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | TaintedPath | sinkLabel | NotASink | string | -| index.js:21:9:21:9 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:21:9:21:9 | x | Xss | isConstantExpression | false | boolean | -| index.js:21:9:21:9 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:21:9:21:9 | x | Xss | notASinkReason | LodashUnderscoreArgument | string | -| index.js:21:9:21:9 | x | Xss | sinkLabel | NotASink | string | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:25:26:25:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| index.js:26:25:26:30 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | SqlInjection | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | TaintedPath | sinkLabel | Unknown | string | -| index.js:26:25:26:30 | 'User' | Xss | hasFlowFromSource | false | boolean | -| index.js:26:25:26:30 | 'User' | Xss | isConstantExpression | true | boolean | -| index.js:26:25:26:30 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:25:26:30 | 'User' | Xss | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | NosqlInjection | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | SqlInjection | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | SqlInjection | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | TaintedPath | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | TaintedPath | sinkLabel | Unknown | string | -| index.js:26:33:26:36 | null | Xss | hasFlowFromSource | false | boolean | -| index.js:26:33:26:36 | null | Xss | isConstantExpression | true | boolean | -| index.js:26:33:26:36 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:26:33:26:36 | null | Xss | sinkLabel | Unknown | string | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string | -| index.js:29:26:29:29 | true | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | SqlInjection | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | SqlInjection | sinkLabel | Unknown | string | -| index.js:29:26:29:29 | true | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | TaintedPath | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | TaintedPath | sinkLabel | Unknown | string | -| index.js:29:26:29:29 | true | Xss | hasFlowFromSource | false | boolean | -| index.js:29:26:29:29 | true | Xss | isConstantExpression | true | boolean | -| index.js:29:26:29:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:29:26:29:29 | true | Xss | sinkLabel | Unknown | string | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | NosqlInjection | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | SqlInjection | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | TaintedPath | sinkLabel | NotASink | string | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | isConstantExpression | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | notASinkReason | DatabaseAccess | string | -| index.js:30:11:38:5 | functio ... }\\n } | Xss | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | sinkLabel | NotASink | string | -| index.js:36:21:36:33 | adminUsers[i] | Xss | hasFlowFromSource | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | isConstantExpression | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:21:36:33 | adminUsers[i] | Xss | notASinkReason | LoggerMethod | string | -| index.js:36:21:36:33 | adminUsers[i] | Xss | sinkLabel | NotASink | string | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:22:44:36 | o.success_scope | Xss | hasFlowFromSource | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | isConstantExpression | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:22:44:36 | o.success_scope | Xss | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:39:44:57 | '' + x.responseText | Xss | hasFlowFromSource | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | isConstantExpression | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:39:44:57 | '' + x.responseText | Xss | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:60:44:60 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:44:60:44:60 | x | Xss | isConstantExpression | false | boolean | -| index.js:44:60:44:60 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:60:44:60 | x | Xss | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | NosqlInjection | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | SqlInjection | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | TaintedPath | sinkLabel | Unknown | string | -| index.js:44:63:44:63 | o | Xss | hasFlowFromSource | false | boolean | -| index.js:44:63:44:63 | o | Xss | isConstantExpression | false | boolean | -| index.js:44:63:44:63 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:44:63:44:63 | o | Xss | sinkLabel | Unknown | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | hasFlowFromSource | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isConstantExpression | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:72:46:72 | x | Xss | hasFlowFromSource | false | boolean | -| index.js:46:72:46:72 | x | Xss | isConstantExpression | false | boolean | -| index.js:46:72:46:72 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:72:46:72 | x | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:72:46:72 | x | Xss | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | NosqlInjection | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | SqlInjection | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | TaintedPath | sinkLabel | NotASink | string | -| index.js:46:75:46:75 | o | Xss | hasFlowFromSource | false | boolean | -| index.js:46:75:46:75 | o | Xss | isConstantExpression | false | boolean | -| index.js:46:75:46:75 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:46:75:46:75 | o | Xss | notASinkReason | LoggerMethod | string | -| index.js:46:75:46:75 | o | Xss | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | NosqlInjection | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | NosqlInjection | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | SqlInjection | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | SqlInjection | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | TaintedPath | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | TaintedPath | sinkLabel | NotASink | string | -| index.js:50:15:50:19 | ready | Xss | hasFlowFromSource | false | boolean | -| index.js:50:15:50:19 | ready | Xss | isConstantExpression | false | boolean | -| index.js:50:15:50:19 | ready | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:15:50:19 | ready | Xss | notASinkReason | Timeout | string | -| index.js:50:15:50:19 | ready | Xss | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | NosqlInjection | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | NosqlInjection | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | SqlInjection | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | SqlInjection | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | TaintedPath | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | TaintedPath | sinkLabel | NotASink | string | -| index.js:50:22:50:23 | 10 | Xss | hasFlowFromSource | false | boolean | -| index.js:50:22:50:23 | 10 | Xss | isConstantExpression | true | boolean | -| index.js:50:22:50:23 | 10 | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:50:22:50:23 | 10 | Xss | notASinkReason | Timeout | string | -| index.js:50:22:50:23 | 10 | Xss | sinkLabel | NotASink | string | -tokenFeatures -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | CalleeFlexibleAccessPath | getCollection().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | CalleeFlexibleAccessPath | getCollection().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseModel().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | CalleeFlexibleAccessPath | getMongooseModel().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseQuery().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | CalleeFlexibleAccessPath | getMongooseQuery().find | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | calleeImports | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | fileImports | body-parser express mongodb mongoose | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextSurroundingFunctionParameters | (fn) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextSurroundingFunctionParameters | (fn) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | CalleeFlexibleAccessPath | dbClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | receiverName | dbClient | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | CalleeFlexibleAccessPath | fn | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextFunctionInterfaces | connect(fn)\ndb() | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextSurroundingFunctionParameters | (fn)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionName | connect | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | fileImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | CalleeFlexibleAccessPath | ajv.compile | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | calleeImports | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | receiverName | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | CalleeFlexibleAccessPath | checkSchema | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | calleeImports | ajv | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextFunctionInterfaces | validate(x) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | fileImports | marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | calleeImports | minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionBody | req res query query title req body title doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | fileImports | body-parser express minimongo | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | CalleeFlexibleAccessPath | query.body.title.substr | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputAccessPathFromCallee | 0.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | CalleeFlexibleAccessPath | client.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | CalleeFlexibleAccessPath | client.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | CalleeFlexibleAccessPath | client.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | CalleeFlexibleAccessPath | client.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputAccessPathFromCallee | 0.tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | assignedToPropName | tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextSurroundingFunctionParameters | (req, res)\n(err, client) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | CalleeFlexibleAccessPath | importedDbo.db().collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | CalleeFlexibleAccessPath | importedDbo.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | CalleeFlexibleAccessPath | importedDbo.db().collection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputAccessPathFromCallee | 0.tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | assignedToPropName | tags | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | calleeImports | ./dbo.js | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextSurroundingFunctionParameters | (params) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (params) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextSurroundingFunctionParameters | (params)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionName | useParams | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextSurroundingFunctionParameters | (queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextSurroundingFunctionParameters | (queries)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionName | useQuery | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | fileImports | ./dbo.js body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | receiverName | bodyParser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | CalleeFlexibleAccessPath | bodyParser.urlencoded | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputAccessPathFromCallee | 0.extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | assignedToPropName | extended | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | calleeImports | body-parser | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | CalleeFlexibleAccessPath | MongoClient.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | calleeImports | mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | receiverName | MongoClient | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | CalleeFlexibleAccessPath | db.collection | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | CalleeFlexibleAccessPath | doc.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | fileImports | body-parser express mongodb | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | receiverName | doc | -| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n t ... tring\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 1.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputAccessPathFromCallee | 1.title.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputAccessPathFromCallee | 1.title.unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | assignedToPropName | unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputAccessPathFromCallee | 1.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | CalleeFlexibleAccessPath | Document.aggregate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | CalleeFlexibleAccessPath | Document.deleteMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | CalleeFlexibleAccessPath | Document.deleteOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | CalleeFlexibleAccessPath | Document.distinct | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | CalleeFlexibleAccessPath | Document.findOneAndDelete | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | CalleeFlexibleAccessPath | Document.findOneAndRemove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | CalleeFlexibleAccessPath | Document.replaceOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | CalleeFlexibleAccessPath | Document.updateOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | CalleeFlexibleAccessPath | Document.findByIdAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | CalleeFlexibleAccessPath | Mongoose.Query | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | CalleeFlexibleAccessPath | Mongoose.Query().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | CalleeFlexibleAccessPath | Mongoose.Query().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | CalleeFlexibleAccessPath | Document.where | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | CalleeFlexibleAccessPath | Document.where().where | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | CalleeFlexibleAccessPath | Document.where().where().and | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | CalleeFlexibleAccessPath | Document.where().where().and().or | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | CalleeFlexibleAccessPath | Mongoose.createConnection().model | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().model().count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().models.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | CalleeFlexibleAccessPath | res.?.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.find().then | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | CalleeFlexibleAccessPath | err.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | receiverName | err | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | CalleeFlexibleAccessPath | res.count | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | receiverName | res | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | CalleeFlexibleAccessPath | Mongoose.Query | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextSurroundingFunctionParameters | (X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | CalleeFlexibleAccessPath | C | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | CalleeFlexibleAccessPath | Document.deleteMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | CalleeFlexibleAccessPath | Document.deleteOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | CalleeFlexibleAccessPath | Document.geoSearch | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | CalleeFlexibleAccessPath | Document.remove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | CalleeFlexibleAccessPath | Document.replaceOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | CalleeFlexibleAccessPath | Document.findOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | CalleeFlexibleAccessPath | Document.findById | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndDelete | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndRemove | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | CalleeFlexibleAccessPath | Document.findOneAndUpdate | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | CalleeFlexibleAccessPath | Document.update | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | CalleeFlexibleAccessPath | Document.updateMany | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | CalleeFlexibleAccessPath | Document.updateOne | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputAccessPathFromCallee | 0._id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | assignedToPropName | _id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputAccessPathFromCallee | 0._id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | assignedToPropName | _id | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputAccessPathFromCallee | 0._id.$eq | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | assignedToPropName | $eq | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | receiverName | Mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n t ... tring\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 1.title | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputAccessPathFromCallee | 1.title.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputAccessPathFromCallee | 1.title.unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | assignedToPropName | unique | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | CalleeFlexibleAccessPath | Mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputAccessPathFromCallee | 1.type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | assignedToPropName | type | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | CalleeFlexibleAccessPath | Document.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | fileImports | body-parser express mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | receiverName | Document | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | CalleeFlexibleAccessPath | mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | fileImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | receiverName | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | CalleeFlexibleAccessPath | mongoose.model | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | calleeImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | fileImports | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | receiverName | mongoose | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | receiverName | MyModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | CalleeFlexibleAccessPath | MyModel.find | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputAccessPathFromCallee | 0.id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | calleeImports | ./mongooseModel | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | fileImports | ./mongooseModel body-parser express | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionBody | req res taint req params x db one taint res end | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionName | onRequest | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextFunctionInterfaces | constructor()\nonRequest(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n );\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | CalleeFlexibleAccessPath | pgp | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | CalleeFlexibleAccessPath | db.any | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | CalleeFlexibleAccessPath | db.many | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | CalleeFlexibleAccessPath | db.manyOrNone | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | CalleeFlexibleAccessPath | db.map | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | CalleeFlexibleAccessPath | db.multi | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | CalleeFlexibleAccessPath | db.multiResult | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | CalleeFlexibleAccessPath | db.none | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | CalleeFlexibleAccessPath | db.oneOrNone | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | CalleeFlexibleAccessPath | db.query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | CalleeFlexibleAccessPath | db.result | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n t ... ter\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n t ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ... = $1^' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n t ... ]\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n t ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n ... n\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputAccessPathFromCallee | 0.values.id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputAccessPathFromCallee | 0.values.name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | assignedToPropName | name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n t ... }\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputAccessPathFromCallee | 0.text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | assignedToPropName | text | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | InputAccessPathFromCallee | 0.values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | assignedToPropName | values | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n ... e\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputAccessPathFromCallee | 0.values.id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | assignedToPropName | id | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputAccessPathFromCallee | 0.values.name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | assignedToPropName | name | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | CalleeFlexibleAccessPath | db.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputAccessPathFromCallee | 0.values.title | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | assignedToPropName | title | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ... OK\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd: ... uery) } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputAccessPathFromCallee | 0.cnd | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | assignedToPropName | cnd | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.task | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | calleeImports | pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | CalleeFlexibleAccessPath | t.one | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t | -| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | CalleeFlexibleAccessPath | app.use | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputArgumentIndex | 3 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | CalleeFlexibleAccessPath | client.hmset | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputArgumentIndex | 4 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | CalleeFlexibleAccessPath | client.multi().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | CalleeFlexibleAccessPath | client.multi().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | CalleeFlexibleAccessPath | client.multi().set().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | CalleeFlexibleAccessPath | client.multi().set().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | CalleeFlexibleAccessPath | client.multi().set().set().get | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | CalleeFlexibleAccessPath | client.multi().set().set().get().exec | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextSurroundingFunctionParameters | (req, res)\n(err, replies) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | CalleeFlexibleAccessPath | client.duplicate | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | CalleeFlexibleAccessPath | newClient.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | receiverName | newClient | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | CalleeFlexibleAccessPath | newClient.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | receiverName | newClient | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | CalleeFlexibleAccessPath | client.duplicate().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | CalleeFlexibleAccessPath | client.duplicate().set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | CalleeFlexibleAccessPath | client.set | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | CalleeFlexibleAccessPath | promisify().bind | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | CalleeFlexibleAccessPath | setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | CalleeFlexibleAccessPath | client.setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | CalleeFlexibleAccessPath | client.setAsync | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | CalleeFlexibleAccessPath | client.unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | CalleeFlexibleAccessPath | client.unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | calleeImports | redis | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | receiverName | client | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | CalleeFlexibleAccessPath | promisify | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | CalleeFlexibleAccessPath | promisify().bind | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | CalleeFlexibleAccessPath | unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | CalleeFlexibleAccessPath | unrelated | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | calleeImports | util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionName | app.post#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | fileImports | body-parser express redis util | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | CalleeFlexibleAccessPath | io.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | calleeImports | socket.io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | receiverName | io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | CalleeFlexibleAccessPath | io.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | calleeImports | socket.io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | contextSurroundingFunctionParameters | (socket) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | receiverName | io | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ... });\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | CalleeFlexibleAccessPath | socket.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextSurroundingFunctionParameters | (socket) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | receiverName | socket | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | CalleeFlexibleAccessPath | socket.on | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | contextSurroundingFunctionParameters | (socket)\n(handle) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | receiverName | socket | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | CalleeFlexibleAccessPath | db.run | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextSurroundingFunctionParameters | (socket)\n(handle) | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES handle | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionName | io.on#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | fileImports | express socket.io sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select ... e id = | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | CalleeFlexibleAccessPath | sql.Request().query | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | calleeImports | mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionBody | req res sql query select * from mytable where id = req params id sql Request query select * from mytable where id = ' req params id ' | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | fileImports | express mssql | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, results) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ... PRICE" | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | CalleeFlexibleAccessPath | pool.query | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | InputArgumentIndex | 2 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | calleeImports | pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | contextSurroundingFunctionParameters | (req, res)\n(err, results) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE pool query query2 req params category err results | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | enclosingFunctionName | handler | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | receiverName | pool | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n } | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | CalleeFlexibleAccessPath | import(!)().get | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextFunctionInterfaces | handler(req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | fileImports | express pg | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | receiverName | angular | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | receiverName | angular | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | CalleeFlexibleAccessPath | angular.module().controller | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | angular.module().controller | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionName | controller#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | ($routeParams) | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionName | controller#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | fileImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextSurroundingFunctionParameters | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputArgumentIndex | 1 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | calleeImports | express | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionBody | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | receiverName | app | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | CalleeFlexibleAccessPath | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputArgumentIndex | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | calleeImports | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | receiverName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | stringConcatenatedWith | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputAccessPathFromCallee | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputArgumentIndex | 0 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | assignedToPropName | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | calleeImports | sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextFunctionInterfaces | | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | fileImports | express sqlite3 | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | receiverName | db | -| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | createServer | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | fileImports | fs http path url | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | receiverName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | CalleeFlexibleAccessPath | readFileSync | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionBody | req res path parse req url true query path res write readFileSync join public path | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionName | createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | fileImports | fs http path url | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | receiverName | | -| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | CalleeFlexibleAccessPath | path.indexOf | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | receiverName | angular | -| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | receiverName | angular | -| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | CalleeFlexibleAccessPath | angular.module().directive | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | assignedToPropName | templateUrl | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionBody | templateUrl SAFE | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive().directive | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | CalleeFlexibleAccessPath | angular.module().directive().directive | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | assignedToPropName | templateUrl | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionBody | templateUrl Cookie get unsafe | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | CalleeFlexibleAccessPath | Cookie.get | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionBody | templateUrl Cookie get unsafe | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionName | directive#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | receiverName | Cookie | -| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res | -| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | CalleeFlexibleAccessPath | application.get | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | calleeImports | express | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | receiverName | application | -| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | CalleeFlexibleAccessPath | addEventListener | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | CalleeFlexibleAccessPath | addEventListener | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextSurroundingFunctionParameters | (ev) | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ... );\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | CalleeFlexibleAccessPath | fs.realpath | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ... } | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g path path replace /\\.\\./g res write fs readFileSync path | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionBody | req res path url parse req url true query path require send req path | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | calleeImports | send | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | receiverName | | -| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ... OK \\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | receiverName | path | -| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | CalleeFlexibleAccessPath | split.join | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | receiverName | split | -| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix ... th - 1] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | CalleeFlexibleAccessPath | concatted.join | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | calleeImports | | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | receiverName | concatted | -| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | CalleeFlexibleAccessPath | concatted2.join | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | calleeImports | url | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | receiverName | concatted2 | -| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | calleeImports | http | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | receiverName | http | -| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | assignedToPropName | | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | calleeImports | fs | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextFunctionInterfaces | views_local(req, res) | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g res write fs readFileSync path replace /[abcd]/g res write fs readFileSync path replace /[./]/g res write fs readFileSync path replace /[foobar/foobar]/g res write fs readFileSync path replace /\\//g res write fs readFileSync path replace /\\.\|\\//g res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g pathModule isAbsolute path res write fs readFileSync path replace /[.]/g res write fs readFileSync path replace /[..]/g res write fs readFileSync path replace /\\./g res write fs readFileSync path replace /\\.\\.\|BLA/g res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/ res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/ res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/ res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/ | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs | -| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | calleeImports | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionBody | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | CalleeFlexibleAccessPath | promisify | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | assignedToPropName | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | calleeImports | bluebird | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextSurroundingFunctionParameters | (obj, method) | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionBody | obj method obj method promisify fs method obj | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionName | methods.reduce#functionalargument | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | fileImports | bluebird fs | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | receiverName | | -| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | calleeImports | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextFunctionInterfaces | require(special) | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionName | require | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | fileImports | fs original-fs | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | receiverName | | -| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextFunctionInterfaces | require(special) | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionName | require | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | fileImports | fs original-fs | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | CalleeFlexibleAccessPath | path.includes | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | CalleeFlexibleAccessPath | normalizedPath.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | receiverName | normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | CalleeFlexibleAccessPath | path.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path | -| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ... \\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | receiverName | relative | -| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | receiverName | relativePath | -| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' + ... ule.sep | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | CalleeFlexibleAccessPath | relativePath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | receiverName | relativePath | -| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | calleeImports | path-is-inside | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputArgumentIndex | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | calleeImports | path | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs | -| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | calleeImports | express | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | receiverName | app | -| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n }\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | receiverName | | -| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | calleeImports | fs | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs | -| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | assignedToPropName | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | calleeImports | | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath | -| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | calleeImports | graceful-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs | -| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | calleeImports | fs-extra | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra | -| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | calleeImports | original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs | -| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | calleeImports | ./my-fs-module | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ... : "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName | -| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionName | getFsModule | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextSurroundingFunctionParameters | (special) | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionName | getFsModule | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | CalleeFlexibleAccessPath | util.promisify | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | calleeImports | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | receiverName | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | calleeImports | util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | CalleeFlexibleAccessPath | import(!).promisify | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | CalleeFlexibleAccessPath | import(!).promisifyAll | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | calleeImports | bluebird | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | calleeImports | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | receiverName | | -| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs | -| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | assignedToPropName | | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS | -| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | calleeImports | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionBody | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | calleeImports | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | calleeImports | parse-torrent | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | receiverName | page | -| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ... 'a4' } | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputAccessPathFromCallee | 0.path | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | assignedToPropName | path | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | CalleeFlexibleAccessPath | page.pdf | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputAccessPathFromCallee | 0.format | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | assignedToPropName | format | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | CalleeFlexibleAccessPath | pages.?.screenshot | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | assignedToPropName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | stringConcatenatedWith | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | CalleeFlexibleAccessPath | pages.?.screenshot | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputAccessPathFromCallee | 0.path | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | assignedToPropName | path | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | calleeImports | puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextFunctionInterfaces | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionName | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | fileImports | parse-torrent puppeteer | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | receiverName | | -| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | calleeImports | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs | -| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | CalleeFlexibleAccessPath | parts.join | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | calleeImports | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | receiverName | parts | -| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | calleeImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | receiverName | app | -| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | calleeImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | receiverName | app | -| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | receiverName | | -| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | calleeImports | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionBody | req res m require req param module | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | receiverName | req | -| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputArgumentIndex | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | calleeImports | express | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | receiverName | app | -| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | calleeImports | express | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | receiverName | app | -| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputAccessPathFromCallee | 1.root | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | assignedToPropName | root | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | receiverName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | CalleeFlexibleAccessPath | req.param | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | receiverName | req | -| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | CalleeFlexibleAccessPath | res.sendfile | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | CalleeFlexibleAccessPath | res.sendFile | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | calleeImports | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | fileImports | express path | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | receiverName | res | -| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | calleeImports | http | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | receiverName | http | -| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | CalleeFlexibleAccessPath | path.substring | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputArgumentIndex | 1 | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | CalleeFlexibleAccessPath | path.substr | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | CalleeFlexibleAccessPath | path.slice | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | calleeImports | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | receiverName | fs | -| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | stringConcatenatedWith | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | CalleeFlexibleAccessPath | path.split | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | assignedToPropName | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | calleeImports | url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextFunctionInterfaces | | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | fileImports | fs http url | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | receiverName | path | -| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | calleeImports | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | receiverName | | -| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | receiverName | | -| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | calleeImports | parse-torrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | receiverName | | -| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | CalleeFlexibleAccessPath | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputArgumentIndex | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | calleeImports | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | receiverName | | -| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | stringConcatenatedWith | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | assignedToPropName | | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | calleeImports | fs | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextFunctionInterfaces | getTorrentData(dir, torrent) | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextSurroundingFunctionParameters | (dir, torrent) | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionName | getTorrentData | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | fileImports | fs parse-torrent | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | receiverName | fs | -| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | calleeImports | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextSurroundingFunctionParameters | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | receiverName | | -| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | calleeImports | http | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionBody | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionName | | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | receiverName | http | -| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | stringConcatenatedWith | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | CalleeFlexibleAccessPath | fs.readFileSync | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | assignedToPropName | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | calleeImports | fs | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextFunctionInterfaces | | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | fileImports | fs http path sanitize-filename url | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | receiverName | fs | -| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | stringConcatenatedWith | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | CalleeFlexibleAccessPath | res.render | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputAccessPathFromCallee | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputArgumentIndex | 0 | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | assignedToPropName | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | calleeImports | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextFunctionInterfaces | exports(req, res) | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionBody | req res res render req 0 params 0 | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionName | exports | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | fileImports | | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | receiverName | res | -| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (event) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (?) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document | -| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | CalleeFlexibleAccessPath | window.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | receiverName | window | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | CalleeFlexibleAccessPath | window.addEventListener | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | receiverName | window | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | receiverName | foo | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | receiverName | foo | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | CalleeFlexibleAccessPath | foo.bind | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputAccessPathFromCallee | 1.data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | assignedToPropName | data | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | calleeImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\ntest() | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | fileImports | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | receiverName | | -| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputAccessPathFromCallee | 0.selector | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | assignedToPropName | selector | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputAccessPathFromCallee | 0.templateUrl | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | assignedToPropName | templateUrl | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | CalleeFlexibleAccessPath | Component | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputAccessPathFromCallee | 0.styleUrls | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | assignedToPropName | styleUrls | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | calleeImports | @angular/core | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.paramMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.queryParamMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | CalleeFlexibleAccessPath | this.route.paramMap.subscribe | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map => ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | CalleeFlexibleAccessPath | map.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextSurroundingFunctionParameters | ()\n(map) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | receiverName | map | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | CalleeFlexibleAccessPath | this.route.snapshot.url.1.parameterMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer2.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionName | ngOnInit | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextSurroundingFunctionParameters | (routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionName | someMethod | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | CalleeFlexibleAccessPath | routeSnapshot.paramMap.get | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | calleeImports | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextSurroundingFunctionParameters | (routeSnapshot) | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionName | someMethod | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | receiverName | | -| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello | stringConcatenatedWith | 'Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | stringConcatenatedWith | 'Hello' | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | calleeImports | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | contextFunctionInterfaces | main() | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | enclosingFunctionBody | document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello unsafeStyle classNames bind foo window name document body innerHTML Hello safeStyle classNames bind document body innerHTML Hello document body innerHTML Hello document body innerHTML Hello | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | enclosingFunctionName | main | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | fileImports | classnames classnames/bind classnames/dedupe clsx | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | receiverName | | -| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello | stringConcatenatedWith | 'click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | 'click' | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | stringConcatenatedWith | 'click' | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | calleeImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | enclosingFunctionBody | loc window location href $ click | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | fileImports | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | receiverName | | -| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click' | stringConcatenatedWith | 'A link | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '

    A link

    ' | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '

    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | stringConcatenatedWith | '

    A link

    ' | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | calleeImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | contextFunctionInterfaces | onclick() | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | enclosingFunctionBody | parentNode innerHTML

    A link

    | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | enclosingFunctionName | onclick | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | fileImports | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | receiverName | | -| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link' | stringConcatenatedWith | '

    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "
    ' | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | stringConcatenatedWith | '
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "" | stringConcatenatedWith | -endpoint- location.toString() + '' | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "" + ... "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "" | stringConcatenatedWith | '' + location.toString() -endpoint- | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | receiverName | document | -| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | calleeImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $
    $ body html XSS: tainted $ window location hash $ location toString elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | receiverName | | -| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | receiverName | app | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | CalleeFlexibleAccessPath | req.param | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | calleeImports | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | receiverName | req | -| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | CalleeFlexibleAccessPath | JSDOM | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | calleeImports | jsdom | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextSurroundingFunctionParameters | (req, res)\n(err, decoded) | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | fileImports | express jsdom jsonwebtoken | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputAccessPathFromCallee | 1.data | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | assignedToPropName | data | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | CalleeFlexibleAccessPath | $.post | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | contextSurroundingFunctionParameters | (data, xhr) | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data, ... ENCY]\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | calleeImports | jquery | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextSurroundingFunctionParameters | (data, xhr) | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionBody | data xhr decoded jwt_decode data $ jGrowl decoded | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionName | $.post#functionalargument | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | fileImports | jquery jwt-decode | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | receiverName | $ | -| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | calleeImports | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | receiverName | app | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | CalleeFlexibleAccessPath | nodemailer.createTransport | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | receiverName | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | receiverName | transport | -| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n f ... OK\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputAccessPathFromCallee | 0.from | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | assignedToPropName | from | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputAccessPathFromCallee | 0.to | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | assignedToPropName | to | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | CalleeFlexibleAccessPath | backend.getUserEmail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | calleeImports | ./backend | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | receiverName | backend | -| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputAccessPathFromCallee | 0.subject | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | assignedToPropName | subject | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.text | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | assignedToPropName | text | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone. req query message . html Hi, you got a message from someone. req query message . | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | receiverName | | -| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ... target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ... target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | CalleeFlexibleAccessPath | sanitizeBad | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionName | badSanitizer | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | CalleeFlexibleAccessPath | createContext | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputAccessPathFromCallee | 0.root | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | assignedToPropName | root | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | calleeImports | react | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | receiverName | | -| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | calleeImports | express | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | receiverName | app | -| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | CalleeFlexibleAccessPath | req.param | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | receiverName | req | -| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | assignedToPropName | html | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | fileImports | express react-native | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | CalleeFlexibleAccessPath | useContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | calleeImports | react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionBody | useContext MyContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionName | useMyContext | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | CalleeFlexibleAccessPath | root.appendChild | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionBody | root useMyContext root appendChild window name | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionName | useDoc1 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | receiverName | root | -| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | CalleeFlexibleAccessPath | root.appendChild | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionBody | root context root appendChild window name | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | fileImports | ./react-create-context react | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | receiverName | root | -| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionName | initialState | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionName | initialState | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionName | setStateValue | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionName | setStateValue | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextSurroundingFunctionParameters | ()\n(prev) | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionBody | state setState useState foo setState prev document body innerHTML prev setState window name | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionName | setStateValueLazy | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionName | setStateValueSafe | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | calleeImports | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionName | setStateValueSafe | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | fileImports | react | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | receiverName | | -| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | " escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "' + escapeHtml() + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | stringConcatenatedWith | '    ' + escapeHtml() + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | stringConcatenatedWith | ' escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "" | stringConcatenatedWith | '' + escapeHtml() -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "
    " | stringConcatenatedWith | -endpoint- escapeAttr() + '
    ' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML     escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "
    " ...
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "
    " | stringConcatenatedWith | '
    ' + escapeAttr() -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | CalleeFlexibleAccessPath | regex.test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | CalleeFlexibleAccessPath | regex.test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | CalleeFlexibleAccessPath | regex.exec | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | receiverName | regex | -| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '' | stringConcatenatedWith | -endpoint- tainted + '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '' + ... '' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '    ' | stringConcatenatedWith | '' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | calleeImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML escapeHtml tainted elt innerHTML
    escapeAttr tainted
    regex /[<>'"&]/ regex test tainted elt innerHTML tainted elt innerHTML tainted regex test tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted regex exec tainted null elt innerHTML tainted elt innerHTML tainted elt innerHTML tainted replace /<\\w+/g | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | fileImports | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | receiverName | | -| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | receiverName | sessionStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | " something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "foobar' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | stringConcatenatedWith | 'foobar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar" | stringConcatenatedWith | ' something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | receiverName | href | -| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | " something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | stringConcatenatedWith | '" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | stringConcatenatedWith | 'foobar href indexOf " 1 $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | CalleeFlexibleAccessPath | href2.indexOf | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | receiverName | href2 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\nfoobar' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | stringConcatenatedWith | '\nfoobar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar" | stringConcatenatedWith | '\nfoobar href indexOf " 1 $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | receiverName | localStorage | -| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | CalleeFlexibleAccessPath | href3.indexOf | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | receiverName | href3 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n' + 'something' + '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | stringConcatenatedWith | '\r\n' + 'something' + '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | stringConcatenatedWith | '\r\n something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | stringConcatenatedWith | '\r\n' -endpoint- '' | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | calleeImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html something | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | fileImports | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | receiverName | | -| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '' | stringConcatenatedWith | '\r\n' + 'something' -endpoint- | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | CalleeFlexibleAccessPath | document.location.href.charCodeAt | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | receiverName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | calleeImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | fileImports | | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | receiverName | document | -| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | CalleeFlexibleAccessPath | target.substring | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | receiverName | target | -| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | receiverName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | calleeImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | fileImports | | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | CalleeFlexibleAccessPath | window.location.search.substr | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | CalleeFlexibleAccessPath | foo.setAttributeNS | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputArgumentIndex | 2 | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | CalleeFlexibleAccessPath | foo.setAttribute | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextFunctionInterfaces | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | receiverName | foo | -| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | " document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "' | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | stringConcatenatedWith | '' | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | CalleeFlexibleAccessPath | document.location.href.indexOf | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "" | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    document location href substring document location href indexOf default= 8 document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | CalleeFlexibleAccessPath | parseInt | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | stringConcatenatedWith | '
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | CalleeFlexibleAccessPath | params.get | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | receiverName | params | -| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | CalleeFlexibleAccessPath | target.substring | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | receiverName | target | -| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | CalleeFlexibleAccessPath | searchParams.get | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write document write $
    $
    $
    params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | receiverName | searchParams | -| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextSurroundingFunctionParameters | (target) | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionBody | target $ myId html target | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "
    " | stringConcatenatedWith | -endpoint- s + '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | enclosingFunctionBody | s
    s
    | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | enclosingFunctionName | wrap | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "
    " | stringConcatenatedWith | '
    ' + s -endpoint- | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | CalleeFlexibleAccessPath | s.substr | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionBody | s s s substr 1 | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionName | chop | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | receiverName | s | -| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionBody | s $ myId html s | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionName | dangerouslySetInnerHtml | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionBody | x x $ myId html x | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionName | forEach#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | CalleeFlexibleAccessPath | angular.module().service | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsUNKNOWN | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | receiverName | $sce | -| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | CalleeFlexibleAccessPath | $other.trustAsHtml | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | receiverName | $other | -| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | CalleeFlexibleAccessPath | angular.module().service().service | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service().service | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | CalleeFlexibleAccessPath | angular.element().html | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionBody | angular element
    html document location search angular element
    html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().service().service().directive | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | CalleeFlexibleAccessPath | angular.module().service().service().directive | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element | -| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | CalleeFlexibleAccessPath | element.html | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextSurroundingFunctionParameters | ()\n(scope, element) | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionBody | link scope element element html document location search element html SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionName | directive#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | receiverName | element | -| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | CalleeFlexibleAccessPath | angular.module().service().service().directive().service | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | CalleeFlexibleAccessPath | angular.module().service().service().directive().service | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | CalleeFlexibleAccessPath | angular.element | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionBody | angular element document location search angular element SAFE | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionName | service#functionalargument | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | CalleeFlexibleAccessPath | document.location.search.substr | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v | -| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | CalleeFlexibleAccessPath | v.match | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | receiverName | v | -| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | CalleeFlexibleAccessPath | angular.module | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | receiverName | angular | -| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | CalleeFlexibleAccessPath | angular.module().factory | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSinkService1) | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | CalleeFlexibleAccessPath | angular.module().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(xssSinkService2) | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ... }] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $
    html v factory xssSource_from_service xssSourceService xssSourceService $
    html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $
    html v factory innocentSource_from_service innocentSourceService innocentSourceService $
    html innocentSourceService factory innocentSourceService innocent | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | enclosingFunctionName | angularJSServices | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser | -| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML.__html | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | CalleeFlexibleAccessPath | React.createFactory | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | receiverName | React | -| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML.__html | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextSurroundingFunctionParameters | ()\n()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | CalleeFlexibleAccessPath | this.setState | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | CalleeFlexibleAccessPath | super | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextSurroundingFunctionParameters | ()\n(props) | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | assignedToPropName | dangerouslySetInnerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | CalleeFlexibleAccessPath | range.selectNode | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | receiverName | range | -| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | CalleeFlexibleAccessPath | document.getElementsByTagName | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | CalleeFlexibleAccessPath | document.getElementsByTagName().item | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range | -| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target length | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionName | test2 | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | CalleeFlexibleAccessPath | params.get | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | receiverName | params | -| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | CalleeFlexibleAccessPath | myUrl.get | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionName | URLPseudoProperties | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | receiverName | myUrl | -| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | CalleeFlexibleAccessPath | getUrl().hash.substring | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionName | hash | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ | -| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | CalleeFlexibleAccessPath | this.html | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | CalleeFlexibleAccessPath | document.location.href.split | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | CalleeFlexibleAccessPath | window.location.hash.substr | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | CalleeFlexibleAccessPath | window.location.hash.match | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document | -| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | CalleeFlexibleAccessPath | window.location.hash.split | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionName | hash2 | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | calleeImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /[\\s\\S]*<\\/metadata>/ $ #foo html target replace /<\|>/g | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | receiverName | | -| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | CalleeFlexibleAccessPath | Bloodhound | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n p ... Url\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | CalleeFlexibleAccessPath | Bloodhound | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputAccessPathFromCallee | ?.prefetch | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | assignedToPropName | prefetch | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n s ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputAccessPathFromCallee | 1.source | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | assignedToPropName | source | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | InputAccessPathFromCallee | 1.templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | assignedToPropName | templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | InputAccessPathFromCallee | 1.templates.suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | assignedToPropName | suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | contextSurroundingFunctionParameters | ()\n(loc) | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextSurroundingFunctionParameters | ()\n(loc) | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n ... }\\n } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputAccessPathFromCallee | 1.name | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | assignedToPropName | name | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | InputAccessPathFromCallee | 1.source | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | assignedToPropName | source | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | contextSurroundingFunctionParameters | ()\n(query, cb) | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | InputAccessPathFromCallee | 1.templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | assignedToPropName | templates | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | CalleeFlexibleAccessPath | $().typeahead | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | InputAccessPathFromCallee | 1.templates.suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | assignedToPropName | suggestion | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | contextSurroundingFunctionParameters | ()\n(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | calleeImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextSurroundingFunctionParameters | ()\n(val) | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | fileImports | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | receiverName | | -| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "
    " ...
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "
    " | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `
    $ ...
    ` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 |
    | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 |
    | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "
    " ... /div>") | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["
    ... .join() | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "
    " | stringConcatenatedWith | -endpoint- tainted + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "
    " | stringConcatenatedWith | '
    ' + tainted -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "
    " | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | stringConcatenatedWith | '
    ` | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `
    ` | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 |
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | stringConcatenatedWith | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "
    ") | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | stringConcatenatedWith | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | stringConcatenatedWith | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '
    ' | stringConcatenatedWith | '
    ' + content -endpoint- | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | CalleeFlexibleAccessPath | ?.concat | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | stringConcatenatedWith | '
    ' + content + '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputArgumentIndex | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextSurroundingFunctionParameters | (attrs) | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | stringConcatenatedWith | '
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | calleeImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $
    tainted
    $
    tainted
    $
    concat tainted concat
    $
    tainted
    join $
    $
    $
    join indirection1 attrs
    content
    indirection2 attrs
    concat content concat
    $ indirection1 document location search attrs $ indirection2 document location search attrs | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | fileImports | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | receiverName | | -| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | CalleeFlexibleAccessPath | document.location.search.substring | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setInnerHTMLUnsafe | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setOuterHTMLUnsafe | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | calleeImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextFunctionInterfaces | test(elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextSurroundingFunctionParameters | (elt) | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionName | test | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | fileImports | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | receiverName | | -| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | CalleeFlexibleAccessPath | $().ready | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | enclosingFunctionName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ... }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | CalleeFlexibleAccessPath | xhr.setRequestHeader | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | CalleeFlexibleAccessPath | xhr.setRequestHeader | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputArgumentIndex | 1 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | receiverName | xhr | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | receiverName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | stringConcatenatedWith | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | assignedToPropName | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | calleeImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextFunctionInterfaces | onreadystatechange() | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console | -| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | receiverName | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type: ... mber'}} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputAccessPathFromCallee | 0.type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | assignedToPropName | type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputAccessPathFromCallee | 0.additionalProperties | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | assignedToPropName | additionalProperties | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputAccessPathFromCallee | 0.additionalProperties.type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | assignedToPropName | type | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | receiverName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | CalleeFlexibleAccessPath | ajv.addSchema | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | calleeImports | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | receiverName | ajv | -| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | receiverName | app | -| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | CalleeFlexibleAccessPath | app.post | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | fileImports | ajv express | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ... }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputAccessPathFromCallee | 0.prop | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | assignedToPropName | prop | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | CalleeFlexibleAccessPath | safe.call | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | receiverName | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe.call | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | receiverName | safe | -| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | CalleeFlexibleAccessPath | foo.match | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | receiverName | foo | -| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputArgumentIndex | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionBody | req res unknown req params id e res send Exception: e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.getItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | receiverName | sessionStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextSurroundingFunctionParameters | ()\n(resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextSurroundingFunctionParameters | ()\n(resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) => ... T OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextSurroundingFunctionParameters | (tainted, resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextSurroundingFunctionParameters | (tainted, resolve) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) => ... T OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | CalleeFlexibleAccessPath | unknown | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | calleeImports | express | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | receiverName | app | -| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionBody | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | CalleeFlexibleAccessPath | _.pick | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | receiverName | _ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | CalleeFlexibleAccessPath | _.pick | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputArgumentIndex | 1 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | receiverName | _ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | CalleeFlexibleAccessPath | $.val | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | receiverName | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | CalleeFlexibleAccessPath | ?.test | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | receiverName | console | -| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | CalleeFlexibleAccessPath | log.info | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | receiverName | log | -| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | CalleeFlexibleAccessPath | localStorage.setItem | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | receiverName | localStorage | -| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | stringConcatenatedWith | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputAccessPathFromCallee | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputArgumentIndex | 0 | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | assignedToPropName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | calleeImports | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | fileImports | express fs | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | receiverName | | -| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n })\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | CalleeFlexibleAccessPath | unified().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | CalleeFlexibleAccessPath | unified().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | CalleeFlexibleAccessPath | unified().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputAccessPathFromCallee | 1.title | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | assignedToPropName | title | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | CalleeFlexibleAccessPath | unified().use().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | CalleeFlexibleAccessPath | unified().use().use().use().use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | CalleeFlexibleAccessPath | remark().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | calleeImports | remark | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | CalleeFlexibleAccessPath | remark().use().processSync | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | calleeImports | remark | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | CalleeFlexibleAccessPath | unified().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | calleeImports | unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n html: true\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | assignedToPropName | html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | assignedToPropName | html | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | CalleeFlexibleAccessPath | import(!)().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | CalleeFlexibleAccessPath | markdownIt2.render | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | receiverName | markdownIt2 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | CalleeFlexibleAccessPath | markdownIt.use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | receiverName | markdownIt | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | CalleeFlexibleAccessPath | markdownIt.use().render | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | CalleeFlexibleAccessPath | markdownIt.use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | receiverName | markdownIt | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | CalleeFlexibleAccessPath | markdownIt.use().use | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | calleeImports | markdown-it | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | moreBadStuff(params, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO: req params id res set Content-Type text/html res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO: req params id res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ... JSON\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO: req params id res send FOO: req params id res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionBody | req res err res statusCode 404 res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res statusCode 404 res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputAccessPathFromCallee | 0.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO: req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ... set.\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | CalleeFlexibleAccessPath | res.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO: req params id doSomething somethingMore Math random res writeHead 404 res send FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | CalleeFlexibleAccessPath | res.header | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputAccessPathFromCallee | 0.Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | assignedToPropName | Content-Type | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | CalleeFlexibleAccessPath | myFancyFunction | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | contextFunctionInterfaces | textContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | contextSurroundingFunctionParameters | (req, res)\n() | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO: req params id res end FOO: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ... OK\\n } | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | CalleeFlexibleAccessPath | import(!).createServer | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | calleeImports | http | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextSurroundingFunctionParameters | (req, resp) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | receiverName | resp | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | receiverName | resp | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | CalleeFlexibleAccessPath | resp.writeHead | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputAccessPathFromCallee | 1.content-type | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | assignedToPropName | content-type | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextFunctionInterfaces | sendTextResponse(resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextSurroundingFunctionParameters | (resp, text) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionName | sendTextResponse | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | fileImports | http url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ... index) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ... index) | stringConcatenatedWith | '' -endpoint- | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | stringConcatenatedWith | '' -endpoint- | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html + ... index) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | CalleeFlexibleAccessPath | str.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextSurroundingFunctionParameters | (string) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionBody | string str string escape html lastIndex 0 index 0 index str length index str charCodeAt index 34 escape " 38 escape & 39 escape ' 60 escape < 62 escape > lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | receiverName | str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | CalleeFlexibleAccessPath | value.charCodeAt | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | CalleeFlexibleAccessPath | value.substring | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextSurroundingFunctionParameters | (value) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push & XMLChars QUOT parts push " XMLChars LT parts push < XMLChars GT parts push > i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionName | escapeHtml3 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | receiverName | value | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | CalleeFlexibleAccessPath | s.chatAt | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionBody | s buf i s length ch s chatAt i ch & buf & < buf < " buf " buf ch buf | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionName | escapeHtml4 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | receiverName | s | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | CalleeFlexibleAccessPath | res.render | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | CalleeFlexibleAccessPath | res.render | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputAccessPathFromCallee | 1.id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | assignedToPropName | id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ... ;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | CalleeFlexibleAccessPath | res.set | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user: req params id | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | CalleeFlexibleAccessPath | res.setHeader | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | receiverName | res | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n }\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | CalleeFlexibleAccessPath | ?.exec | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionBody | req res url req params id /["'&<>]/ exec url res send url | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | CalleeFlexibleAccessPath | ?.exec | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | calleeImports | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextSurroundingFunctionParameters | (str) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionBody | str /["'&<>]/ exec str str | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionName | escapeHtml1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | receiverName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | fileImports | escape-html express | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | calleeImports | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | receiverName | | -| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | CalleeFlexibleAccessPath | app.use | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | fileImports | cookie-parser express | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | calleeImports | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | receiverName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | fileImports | express is-var-name | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | receiverName | console | -| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "
    %s
    " | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | receiverName | console | -| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | calleeImports | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionBody | req res evil req query evil res send console log
    %s
    evil res send util format
    %s
    evil res send require printf
    %s
    evil | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | fileImports | express printf | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | receiverName | | -| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | CalleeFlexibleAccessPath | res.send | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextFunctionInterfaces | handler(req, res) | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionBody | req res res send req url | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionName | handler | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | fileImports | | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | receiverName | res | -| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | CalleeFlexibleAccessPath | sendResponse.bind | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | receiverName | sendResponse | -| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | CalleeFlexibleAccessPath | sendResponse.bind | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | receiverName | sendResponse | -| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | CalleeFlexibleAccessPath | underscore.partial | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | calleeImports | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | receiverName | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | CalleeFlexibleAccessPath | underscore.partial | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | calleeImports | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | receiverName | underscore | -| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | CalleeFlexibleAccessPath | lodash.partial | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | calleeImports | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | receiverName | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | CalleeFlexibleAccessPath | lodash.partial | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | calleeImports | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | receiverName | lodash | -| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | CalleeFlexibleAccessPath | R.partial | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | calleeImports | ramda | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | receiverName | R | -| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | CalleeFlexibleAccessPath | R.partial | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | calleeImports | ramda | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | receiverName | R | -| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | CalleeFlexibleAccessPath | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputArgumentIndex | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | receiverName | | -| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ... site\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | CalleeFlexibleAccessPath | getFirst.bind | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | receiverName | getFirst | -| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | CalleeFlexibleAccessPath | getFirst.bind | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | calleeImports | | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | fileImports | express lodash ramda underscore | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | receiverName | getFirst | -| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | calleeImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | receiverName | app | -| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | CalleeFlexibleAccessPath | resolve | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | CalleeFlexibleAccessPath | resolve | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | CalleeFlexibleAccessPath | Promise().then | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then().then | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | calleeImports | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | fileImports | express | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | receiverName | | -| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | calleeImports | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | receiverName | | -| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputArgumentIndex | 0 | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | stringConcatenatedWith | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | assignedToPropName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | calleeImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | express | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | receiverName | app | -| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | CalleeFlexibleAccessPath | http.createServer | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | calleeImports | http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | receiverName | http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ... });\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | CalleeFlexibleAccessPath | files2.sort | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextSurroundingFunctionParameters | (files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | receiverName | files2 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | CalleeFlexibleAccessPath | files2.sort().forEach | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '
  • ' | stringConcatenatedWith | -endpoint- file + '
    • ' | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '
  • ' + file | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | stringConcatenatedWith | '
  • ' -endpoint- '
    • ' | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | InputArgumentIndex | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | contextSurroundingFunctionParameters | (files2)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '' | stringConcatenatedWith | '
  • ' + file -endpoint- | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | CalleeFlexibleAccessPath | fs.readdir | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | calleeImports | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | receiverName | fs | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | CalleeFlexibleAccessPath | files1.forEach | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | contextFunctionInterfaces | format(files2) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | contextSurroundingFunctionParameters | (req, res)\n(error, files1)\n(file) | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push
  • file
    • files3 join fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | enclosingFunctionName | http.createServer#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | fileImports | express fs http | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | receiverName | files1 | -| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ... } | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | calleeImports | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | calleeImports | express | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionBody | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | stringConcatenatedWith | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | CalleeFlexibleAccessPath | parseTorrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputAccessPathFromCallee | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputArgumentIndex | 0 | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | assignedToPropName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | calleeImports | parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextFunctionInterfaces | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextSurroundingFunctionParameters | (req, res) | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionBody | req res torrent parseTorrent unknown name torrent name res send name | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionName | get#functionalargument | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | fileImports | express parse-torrent | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | receiverName | | -| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | CalleeFlexibleAccessPath | define | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextSurroundingFunctionParameters | (factory) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "" | stringConcatenatedWith | -endpoint- $.trim() + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | calleeImports | jquery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | CalleeFlexibleAccessPath | $.trim | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | calleeImports | jquery | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | contextFunctionInterfaces | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | contextSurroundingFunctionParameters | ($) | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | enclosingFunctionBody | $ $ $ trim foo | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | fileImports | jquery jquery-ui | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "" | stringConcatenatedWith | '' + $.trim() -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html s document querySelector #html innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | CalleeFlexibleAccessPath | document.createElement | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | calleeImports | markdown-it | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | CalleeFlexibleAccessPath | import(!) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputAccessPathFromCallee | 0.html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | assignedToPropName | html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | calleeImports | markdown-it | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | assignedToPropName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags s document querySelector #sanitized innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextSurroundingFunctionParameters | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "" | stringConcatenatedWith | -endpoint- this.step + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | enclosingFunctionBody | document querySelector #class innerHTML step | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | enclosingFunctionName | doXss | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "" | stringConcatenatedWith | '' + this.step -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | CalleeFlexibleAccessPath | this.each | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "" | stringConcatenatedWith | -endpoint- settings.name + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "" + ... "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "" | stringConcatenatedWith | '' + settings.name -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ settings name appendTo | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | stringConcatenatedWith | '' + attrVal -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | stringConcatenatedWith | '' + attrVal.replace() -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | receiverName | attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | CalleeFlexibleAccessPath | attrVal.indexOf | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | receiverName | attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\"" document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "\\""' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML attrVal document querySelector #id innerHTML attrVal replace / attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML attrVal | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionName | guards | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | stringConcatenatedWith | '' + attrVal -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "" | stringConcatenatedWith | -endpoint- obj.spanTemplate + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "" | stringConcatenatedWith | '' + obj.spanTemplate -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | receiverName | document | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html obj spanTemplate document querySelector #template innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionBody | s html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionName | basicHtmlConstruction | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | CalleeFlexibleAccessPath | document.implementation.createHTMLDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | contextSurroundingFunctionParameters | (s) | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument newDoc body innerHTML s | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | enclosingFunctionName | insertIntoCreatedDocument | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "" | stringConcatenatedWith | -endpoint- s + '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | " ... /span>" | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | stringConcatenatedWith | '' -endpoint- '' | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | assignedToPropName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "" | stringConcatenatedWith | '' + s -endpoint- | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputArgumentIndex | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | assignedToPropName | innerHTML | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | calleeImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionBody | s id x html s document body innerHTML html | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionName | notVulnerable | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | fileImports | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | receiverName | | -| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | CalleeFlexibleAccessPath | $().appendTo | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | CalleeFlexibleAccessPath | console.log | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | receiverName | console | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | CalleeFlexibleAccessPath | safe.has | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | receiverName | safe | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | InputAccessPathFromCallee | 0.menu | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | assignedToPropName | menu | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '
    ' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputAccessPathFromCallee | 0.target | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | assignedToPropName | target | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | receiverName | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | InputAccessPathFromCallee | 1.my_plugin | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | InputArgumentIndex | 1 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | assignedToPropName | my_plugin | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 |
    hello
    | stringConcatenatedWith | -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 |
    | stringConcatenatedWith | -endpoint- options.target + '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | stringConcatenatedWith | '
    ' -endpoint- '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 |
    | stringConcatenatedWith | '
    ' + options.target -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 |
    | stringConcatenatedWith | -endpoint- ? | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ...
    ` | stringConcatenatedWith | '
    ' -endpoint- | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | stringConcatenatedWith | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 |
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | stringConcatenatedWith | '
    ' | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | CalleeFlexibleAccessPath | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | InputAccessPathFromCallee | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | InputArgumentIndex | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | assignedToPropName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | calleeImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | contextSurroundingFunctionParameters | ()\n(options) | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | enclosingFunctionBody | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | enclosingFunctionName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | fileImports | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | receiverName | | -| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | ">
    | stringConcatenatedWith | '
    ({ name: '' }) | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputAccessPathFromCallee | 0.mapPropsToValues | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | assignedToPropName | mapPropsToValues | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | InputAccessPathFromCallee | 0.validate | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | assignedToPropName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionBody | values $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextSurroundingFunctionParameters | (values) | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionBody | values $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionName | validate | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | CalleeFlexibleAccessPath | withFormik | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | InputAccessPathFromCallee | 0.handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | assignedToPropName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionBody | values setSubmitting $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextSurroundingFunctionParameters | (values, ?) | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionBody | values setSubmitting $ #id html values email | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionName | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | CalleeFlexibleAccessPath | withFormik() | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | calleeImports | formik | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextSurroundingFunctionParameters | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionBody | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextSurroundingFunctionParameters | ()\n(values) | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n input type text name stooge \n | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionName | App | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextSurroundingFunctionParameters | ()\n(values) | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n input type text name stooge \n | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionName | App | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextSurroundingFunctionParameters | (e) | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionBody | e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionName | plainSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextSurroundingFunctionParameters | (e) | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionBody | e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionName | plainSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextSurroundingFunctionParameters | ()\n(data) | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextSurroundingFunctionParameters | ()\n(data) | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | CalleeFlexibleAccessPath | handleSubmit | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | CalleeFlexibleAccessPath | register | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | CalleeFlexibleAccessPath | register | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputAccessPathFromCallee | 0.required | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | assignedToPropName | required | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | calleeImports | react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n input name name ref register required true \n input type submit \n | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionName | HookForm | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionBody | register getValues useForm form \n input name name ref register \n button type button onClick values getValues $ #id html values name \n \n | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionName | HookForm2 | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionBody | register getValues useForm form \n input name name ref register \n button type button onClick values getValues $ #id html values name \n \n | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionName | HookForm2 | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | receiverName | document | -| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | CalleeFlexibleAccessPath | document.querySelector().addEventListener | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | CalleeFlexibleAccessPath | document.querySelector().addEventListener | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | InputArgumentIndex | 1 | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n } | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | receiverName | document | -| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionName | vanillaJS | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | fileImports | formik react react-final-form react-hook-form | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | receiverName | | -| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ... "bar") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputArgumentIndex | 1 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputAccessPathFromCallee | 0.foo | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | assignedToPropName | foo | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | CalleeFlexibleAccessPath | $().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | CalleeFlexibleAccessPath | document.querySelectorAll | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | CalleeFlexibleAccessPath | document.getElementById | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | receiverName | document | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | CalleeFlexibleAccessPath | document.getElementById().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("

    " ... .text() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "

    " | stringConcatenatedWith | -endpoint- something() + '

    ' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "

    " + ... "

    " | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | stringConcatenatedWith | '

    ' -endpoint- '

    ' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "

    " | stringConcatenatedWith | '

    ' + something() -endpoint- | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | CalleeFlexibleAccessPath | $().get().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | CalleeFlexibleAccessPath | $().getAttribute | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | CalleeFlexibleAccessPath | $().find | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | CalleeFlexibleAccessPath | $().find().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | CalleeFlexibleAccessPath | $().find | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | CalleeFlexibleAccessPath | $().find().attr | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | CalleeFlexibleAccessPath | $().get | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | CalleeFlexibleAccessPath | $().prop | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | CalleeFlexibleAccessPath | require | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextSurroundingFunctionParameters | () | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | " something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "Section' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | CalleeFlexibleAccessPath | $().append | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "" | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append     Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | stringConcatenatedWith | 'Section' | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | stringConcatenatedWith | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | CalleeFlexibleAccessPath | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | InputAccessPathFromCallee | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | InputArgumentIndex | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | assignedToPropName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | calleeImports | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | contextFunctionInterfaces | safe1(x)\nsafe2(x) | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | contextSurroundingFunctionParameters | ()\n() | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $

    something

    text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append Section | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | enclosingFunctionName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | fileImports | anser | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | receiverName | | -| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section" | stringConcatenatedWith | ' 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputAccessPathFromCallee | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 0 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 1 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | assignedToPropName | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | calleeImports | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextSurroundingFunctionParameters | () | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionName | ready | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | fileImports | child_process fs mongoose underscore | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | receiverName | | -| index.js:46:35:46:69 | c > 100 ... ENERAL' | stringConcatenatedWith | | -| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error | -| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:72:46:72 | x | InputAccessPathFromCallee | | -| index.js:46:72:46:72 | x | InputArgumentIndex | 1 | -| index.js:46:72:46:72 | x | InputArgumentIndex | 2 | -| index.js:46:72:46:72 | x | assignedToPropName | | -| index.js:46:72:46:72 | x | calleeImports | | -| index.js:46:72:46:72 | x | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:72:46:72 | x | contextSurroundingFunctionParameters | () | -| index.js:46:72:46:72 | x | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:72:46:72 | x | enclosingFunctionName | ready | -| index.js:46:72:46:72 | x | fileImports | child_process fs mongoose underscore | -| index.js:46:72:46:72 | x | receiverName | | -| index.js:46:72:46:72 | x | stringConcatenatedWith | | -| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error | -| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error.call | -| index.js:46:75:46:75 | o | InputAccessPathFromCallee | | -| index.js:46:75:46:75 | o | InputArgumentIndex | 2 | -| index.js:46:75:46:75 | o | InputArgumentIndex | 3 | -| index.js:46:75:46:75 | o | assignedToPropName | | -| index.js:46:75:46:75 | o | calleeImports | | -| index.js:46:75:46:75 | o | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:46:75:46:75 | o | contextSurroundingFunctionParameters | () | -| index.js:46:75:46:75 | o | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:46:75:46:75 | o | enclosingFunctionName | ready | -| index.js:46:75:46:75 | o | fileImports | child_process fs mongoose underscore | -| index.js:46:75:46:75 | o | receiverName | | -| index.js:46:75:46:75 | o | stringConcatenatedWith | | -| index.js:50:15:50:19 | ready | CalleeFlexibleAccessPath | w.setTimeout | -| index.js:50:15:50:19 | ready | InputAccessPathFromCallee | | -| index.js:50:15:50:19 | ready | InputArgumentIndex | 0 | -| index.js:50:15:50:19 | ready | assignedToPropName | | -| index.js:50:15:50:19 | ready | calleeImports | | -| index.js:50:15:50:19 | ready | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:50:15:50:19 | ready | contextSurroundingFunctionParameters | () | -| index.js:50:15:50:19 | ready | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:50:15:50:19 | ready | enclosingFunctionName | ready | -| index.js:50:15:50:19 | ready | fileImports | child_process fs mongoose underscore | -| index.js:50:15:50:19 | ready | receiverName | w | -| index.js:50:15:50:19 | ready | stringConcatenatedWith | | -| index.js:50:22:50:23 | 10 | CalleeFlexibleAccessPath | w.setTimeout | -| index.js:50:22:50:23 | 10 | InputAccessPathFromCallee | | -| index.js:50:22:50:23 | 10 | InputArgumentIndex | 1 | -| index.js:50:22:50:23 | 10 | assignedToPropName | | -| index.js:50:22:50:23 | 10 | calleeImports | | -| index.js:50:22:50:23 | 10 | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) | -| index.js:50:22:50:23 | 10 | contextSurroundingFunctionParameters | () | -| index.js:50:22:50:23 | 10 | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 | -| index.js:50:22:50:23 | 10 | enclosingFunctionName | ready | -| index.js:50:22:50:23 | 10 | fileImports | child_process fs mongoose underscore | -| index.js:50:22:50:23 | 10 | receiverName | w | -| index.js:50:22:50:23 | 10 | stringConcatenatedWith | | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref deleted file mode 100644 index 546ff7249d3..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref +++ /dev/null @@ -1 +0,0 @@ -extraction/ExtractEndpointDataEvaluation.ql diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected deleted file mode 100644 index 23dece7ac94..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected +++ /dev/null @@ -1,530 +0,0 @@ -endpoints -| index.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:2:26:2:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string | -| index.js:3:29:3:34 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | SqlInjection | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | TaintedPath | sinkLabel | Unknown | string | -| index.js:3:29:3:34 | 'User' | Xss | hasFlowFromSource | false | boolean | -| index.js:3:29:3:34 | 'User' | Xss | isConstantExpression | true | boolean | -| index.js:3:29:3:34 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:29:3:34 | 'User' | Xss | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | NosqlInjection | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | SqlInjection | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | SqlInjection | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | TaintedPath | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | TaintedPath | sinkLabel | Unknown | string | -| index.js:3:37:3:40 | null | Xss | hasFlowFromSource | false | boolean | -| index.js:3:37:3:40 | null | Xss | isConstantExpression | true | boolean | -| index.js:3:37:3:40 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:3:37:3:40 | null | Xss | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string | -| index.js:8:12:8:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:12:8:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | NosqlInjection | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | SqlInjection | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | TaintedPath | sinkLabel | Unknown | string | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isConstantExpression | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:8:24:10:3 | (req, r ... });\\n } | Xss | sinkLabel | Unknown | string | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | hasFlowFromSource | true | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | sinkLabel | Sink | string | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | sinkLabel | Unknown | string | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | sinkLabel | Unknown | string | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | isConstantExpression | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:9:28:9:43 | req.body.isAdmin | Xss | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string | -| index.js:14:12:14:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:12:14:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | NosqlInjection | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | SqlInjection | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | TaintedPath | sinkLabel | Unknown | string | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isConstantExpression | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:14:24:16:3 | (req, r ... n);\\n } | Xss | sinkLabel | Unknown | string | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | sinkLabel | NotASink | string | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | isConstantExpression | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string | -| index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string | -| index.js:20:26:20:29 | true | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | SqlInjection | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | SqlInjection | sinkLabel | Unknown | string | -| index.js:20:26:20:29 | true | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | TaintedPath | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | TaintedPath | sinkLabel | Unknown | string | -| index.js:20:26:20:29 | true | Xss | hasFlowFromSource | false | boolean | -| index.js:20:26:20:29 | true | Xss | isConstantExpression | true | boolean | -| index.js:20:26:20:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:20:26:20:29 | true | Xss | sinkLabel | Unknown | string | -| index.js:24:13:24:22 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:24:13:24:22 | "constant" | NosqlInjection | sinkLabel | Sink | string | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string | -| index.js:32:15:32:24 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | SqlInjection | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | TaintedPath | sinkLabel | NotASink | string | -| index.js:32:15:32:24 | "someData" | Xss | hasFlowFromSource | false | boolean | -| index.js:32:15:32:24 | "someData" | Xss | isConstantExpression | true | boolean | -| index.js:32:15:32:24 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:32:15:32:24 | "someData" | Xss | notASinkReason | LoggerMethod | string | -| index.js:32:15:32:24 | "someData" | Xss | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | SqlInjection | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | TaintedPath | sinkLabel | NotASink | string | -| index.js:36:20:36:22 | "a" | Xss | hasFlowFromSource | false | boolean | -| index.js:36:20:36:22 | "a" | Xss | isConstantExpression | true | boolean | -| index.js:36:20:36:22 | "a" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:36:20:36:22 | "a" | Xss | notASinkReason | ConstantReceiver | string | -| index.js:36:20:36:22 | "a" | Xss | notASinkReason | StringStartsWith | string | -| index.js:36:20:36:22 | "a" | Xss | sinkLabel | NotASink | string | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | sinkLabel | Sink | string | -| index.js:78:30:78:39 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | NosqlInjection | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | SqlInjection | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | TaintedPath | sinkLabel | NotASink | string | -| index.js:78:30:78:39 | "someData" | Xss | hasFlowFromSource | false | boolean | -| index.js:78:30:78:39 | "someData" | Xss | isConstantExpression | true | boolean | -| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string | -| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string | -| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean | -| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string | -| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string | -tokenFeatures -| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require | -| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee | | -| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 | -| index.js:1:25:1:33 | "express" | assignedToPropName | | -| index.js:1:25:1:33 | "express" | calleeImports | | -| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters | | -| index.js:1:25:1:33 | "express" | enclosingFunctionBody | | -| index.js:1:25:1:33 | "express" | enclosingFunctionName | | -| index.js:1:25:1:33 | "express" | fileImports | express mongoose | -| index.js:1:25:1:33 | "express" | receiverName | | -| index.js:1:25:1:33 | "express" | stringConcatenatedWith | | -| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require | -| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee | | -| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 | -| index.js:2:26:2:35 | 'mongoose' | assignedToPropName | | -| index.js:2:26:2:35 | 'mongoose' | calleeImports | | -| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters | | -| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody | | -| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName | | -| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose | -| index.js:2:26:2:35 | 'mongoose' | receiverName | | -| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith | | -| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model | -| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee | | -| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 | -| index.js:3:29:3:34 | 'User' | assignedToPropName | | -| index.js:3:29:3:34 | 'User' | calleeImports | mongoose | -| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters | | -| index.js:3:29:3:34 | 'User' | enclosingFunctionBody | | -| index.js:3:29:3:34 | 'User' | enclosingFunctionName | | -| index.js:3:29:3:34 | 'User' | fileImports | express mongoose | -| index.js:3:29:3:34 | 'User' | receiverName | mongoose | -| index.js:3:29:3:34 | 'User' | stringConcatenatedWith | | -| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model | -| index.js:3:37:3:40 | null | InputAccessPathFromCallee | | -| index.js:3:37:3:40 | null | InputArgumentIndex | 1 | -| index.js:3:37:3:40 | null | assignedToPropName | | -| index.js:3:37:3:40 | null | calleeImports | mongoose | -| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters | | -| index.js:3:37:3:40 | null | enclosingFunctionBody | | -| index.js:3:37:3:40 | null | enclosingFunctionName | | -| index.js:3:37:3:40 | null | fileImports | express mongoose | -| index.js:3:37:3:40 | null | receiverName | mongoose | -| index.js:3:37:3:40 | null | stringConcatenatedWith | | -| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post | -| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee | | -| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 | -| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName | | -| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express | -| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () | -| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink | -| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose | -| index.js:8:12:8:21 | '/isAdmin' | receiverName | app | -| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith | | -| index.js:8:24:10:3 | (req, r ... });\\n } | CalleeFlexibleAccessPath | app.post | -| index.js:8:24:10:3 | (req, r ... });\\n } | InputAccessPathFromCallee | | -| index.js:8:24:10:3 | (req, r ... });\\n } | InputArgumentIndex | 1 | -| index.js:8:24:10:3 | (req, r ... });\\n } | assignedToPropName | | -| index.js:8:24:10:3 | (req, r ... });\\n } | calleeImports | express | -| index.js:8:24:10:3 | (req, r ... });\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:8:24:10:3 | (req, r ... });\\n } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:8:24:10:3 | (req, r ... });\\n } | enclosingFunctionName | flowFromSourceToSink | -| index.js:8:24:10:3 | (req, r ... });\\n } | fileImports | express mongoose | -| index.js:8:24:10:3 | (req, r ... });\\n } | receiverName | app | -| index.js:8:24:10:3 | (req, r ... });\\n } | stringConcatenatedWith | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find | -| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 | -| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName | | -| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose | -| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink | -| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose | -| index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User | -| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith | | -| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find | -| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 | -| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose | -| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin | -| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink | -| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose | -| index.js:9:28:9:43 | req.body.isAdmin | receiverName | | -| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith | | -| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post | -| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee | | -| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 | -| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName | | -| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express | -| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () | -| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose | -| index.js:14:12:14:21 | '/isAdmin' | receiverName | app | -| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | CalleeFlexibleAccessPath | app.post | -| index.js:14:24:16:3 | (req, r ... n);\\n } | InputAccessPathFromCallee | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | InputArgumentIndex | 1 | -| index.js:14:24:16:3 | (req, r ... n);\\n } | assignedToPropName | | -| index.js:14:24:16:3 | (req, r ... n);\\n } | calleeImports | express | -| index.js:14:24:16:3 | (req, r ... n);\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:14:24:16:3 | (req, r ... n);\\n } | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:14:24:16:3 | (req, r ... n);\\n } | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:14:24:16:3 | (req, r ... n);\\n } | fileImports | express mongoose | -| index.js:14:24:16:3 | (req, r ... n);\\n } | receiverName | app | -| index.js:14:24:16:3 | (req, r ... n);\\n } | stringConcatenatedWith | | -| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log | -| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee | | -| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 | -| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName | | -| index.js:15:17:15:32 | req.body.isAdmin | calleeImports | | -| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) | -| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin | -| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink | -| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose | -| index.js:15:17:15:32 | req.body.isAdmin | receiverName | console | -| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith | | -| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find | -| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee | | -| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 | -| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName | | -| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose | -| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () | -| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true | -| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource | -| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose | -| index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User | -| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith | | -| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find | -| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin | -| index.js:20:26:20:29 | true | InputArgumentIndex | 0 | -| index.js:20:26:20:29 | true | assignedToPropName | isAdmin | -| index.js:20:26:20:29 | true | calleeImports | mongoose | -| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () | -| index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true | -| index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource | -| index.js:20:26:20:29 | true | fileImports | express mongoose | -| index.js:20:26:20:29 | true | receiverName | | -| index.js:20:26:20:29 | true | stringConcatenatedWith | | -| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find | -| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee | | -| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 | -| index.js:24:13:24:22 | "constant" | assignedToPropName | | -| index.js:24:13:24:22 | "constant" | calleeImports | mongoose | -| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () | -| index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant | -| index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression | -| index.js:24:13:24:22 | "constant" | fileImports | express mongoose | -| index.js:24:13:24:22 | "constant" | receiverName | User | -| index.js:24:13:24:22 | "constant" | stringConcatenatedWith | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName | | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User | -| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith | | -| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log | -| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee | | -| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 | -| index.js:32:15:32:24 | "someData" | assignedToPropName | | -| index.js:32:15:32:24 | "someData" | calleeImports | | -| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () | -| index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData | -| index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink | -| index.js:32:15:32:24 | "someData" | fileImports | express mongoose | -| index.js:32:15:32:24 | "someData" | receiverName | console | -| index.js:32:15:32:24 | "someData" | stringConcatenatedWith | | -| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith | -| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee | | -| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 | -| index.js:36:20:36:22 | "a" | assignedToPropName | | -| index.js:36:20:36:22 | "a" | calleeImports | | -| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () | -| index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a | -| index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons | -| index.js:36:20:36:22 | "a" | fileImports | express mongoose | -| index.js:36:20:36:22 | "a" | receiverName | | -| index.js:36:20:36:22 | "a" | stringConcatenatedWith | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find | -| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 | -| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose | -| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () | -| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody | | -| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody | -| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose | -| index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User | -| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith | | -| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log | -| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee | | -| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 | -| index.js:78:30:78:39 | "someData" | assignedToPropName | | -| index.js:78:30:78:39 | "someData" | calleeImports | | -| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () | -| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData | -| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument | -| index.js:78:30:78:39 | "someData" | fileImports | express mongoose | -| index.js:78:30:78:39 | "someData" | receiverName | console | -| index.js:78:30:78:39 | "someData" | stringConcatenatedWith | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | CalleeFlexibleAccessPath | $.ajax | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputAccessPathFromCallee | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | InputArgumentIndex | 0 | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | assignedToPropName | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeImports | | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | contextSurroundingFunctionParameters | (foo) | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | fileImports | express mongoose | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ | -| index.js:83:10:85:3 | {\\n " ... ar,\\n } | stringConcatenatedWith | | -| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax | -| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url | -| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 | -| index.js:84:12:84:18 | foo.bar | assignedToPropName | url | -| index.js:84:12:84:18 | foo.bar | calleeImports | | -| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() | -| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) | -| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar | -| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink | -| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose | -| index.js:84:12:84:18 | foo.bar | receiverName | | -| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith | | diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref deleted file mode 100644 index 546ff7249d3..00000000000 --- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref +++ /dev/null @@ -1 +0,0 @@ -extraction/ExtractEndpointDataEvaluation.ql diff --git a/javascript/ql/lib/semmle/javascript/PrintAst.qll b/javascript/ql/lib/semmle/javascript/PrintAst.qll index 29b1d619016..a4d71362818 100644 --- a/javascript/ql/lib/semmle/javascript/PrintAst.qll +++ b/javascript/ql/lib/semmle/javascript/PrintAst.qll @@ -161,7 +161,7 @@ private module PrintJavaScript { /** * A print node representing an `ASTNode`. * - * Provides a default implemention that works for some (but not all) ASTNode's. + * Provides a default implementation that works for some (but not all) ASTNode's. * More specific subclasses can override this class to get more specific behavior. * * The more specific subclasses are mostly used aggregate the children of the `ASTNode`. diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index f570c9d3a38..1453f995433 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -671,7 +671,7 @@ module ClientRequest { } /** - * Gets the response type corresponding to `getReponse()` but not + * Gets the response type corresponding to `getResponse()` but not * for explicitly typed calls like `getResponseJson()`. */ string getAssignedResponseType() { diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll b/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll index 3a5ef400801..1adaed5b439 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll @@ -7,7 +7,7 @@ import javascript /** * Provides classes implementing data-flow for Immutable. * - * The implemention rely on the flowsteps implemented in `Collections.qll`. + * The implementation rely on the flowsteps implemented in `Collections.qll`. */ private module Immutable { /** diff --git a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll index ed06bfbe798..95bfbeeeb5d 100644 --- a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about bad tag filter vulnerabilities. + * Provides predicates for reasoning about bad tag filter vulnerabilities. */ import regexp.RegexpMatching @@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) { regexp.matches("") and exists(int a, int b | a != b | regexp.fillsCaptureGroup("", a) and - // might be ambigously parsed (matching both capture groups), and that is ok here. + // might be ambiguously parsed (matching both capture groups), and that is ok here. regexp.fillsCaptureGroup("", b) and not regexp.fillsCaptureGroup("", a) and msg = diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll index 2b8f9112dd2..8343da9f5a5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll @@ -25,13 +25,13 @@ module ReflectedXss { * is to prevent us from flagging plain-text or JSON responses as vulnerable. */ class HttpResponseSink extends Sink instanceof Http::ResponseSendArgument { - HttpResponseSink() { not exists(getANonHtmlHeaderDefinition(this)) } + HttpResponseSink() { not exists(getAXssSafeHeaderDefinition(this)) } } /** - * Gets a HeaderDefinition that defines a non-html content-type for `send`. + * DEPRECATED: Gets a HeaderDefinition that defines a non-html content-type for `send`. */ - Http::HeaderDefinition getANonHtmlHeaderDefinition(Http::ResponseSendArgument send) { + deprecated Http::HeaderDefinition getANonHtmlHeaderDefinition(Http::ResponseSendArgument send) { exists(Http::RouteHandler h | send.getRouteHandler() = h and result = nonHtmlContentTypeHeader(h) @@ -42,13 +42,49 @@ module ReflectedXss { } /** - * Holds if `h` may send a response with a content type other than HTML. + * DEPRECATED: Holds if `h` may send a response with a content type other than HTML. */ - Http::HeaderDefinition nonHtmlContentTypeHeader(Http::RouteHandler h) { + deprecated Http::HeaderDefinition nonHtmlContentTypeHeader(Http::RouteHandler h) { result = h.getAResponseHeader("content-type") and not exists(string tp | result.defines("content-type", tp) | tp.regexpMatch("(?i).*html.*")) } + /** + * Gets a HeaderDefinition that defines a XSS safe content-type for `send`. + */ + Http::HeaderDefinition getAXssSafeHeaderDefinition(Http::ResponseSendArgument send) { + exists(Http::RouteHandler h | + send.getRouteHandler() = h and + result = xssSafeContentTypeHeader(h) + | + // The HeaderDefinition affects a response sent at `send`. + headerAffects(result, send) + ) + } + + /** + * Gets a content-type that may lead to javascript code being executed in the browser. + * ref: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#content-types + */ + string xssUnsafeContentType() { + result = + [ + "text/html", "application/xhtml+xml", "application/xml", "text/xml", "image/svg+xml", + "text/xsl", "application/vnd.wap.xhtml+xml", "text/rdf", "application/rdf+xml", + "application/mathml+xml", "text/vtt", "text/cache-manifest" + ] + } + + /** + * Holds if `h` may send a response with a content type that is safe for XSS. + */ + Http::HeaderDefinition xssSafeContentTypeHeader(Http::RouteHandler h) { + result = h.getAResponseHeader("content-type") and + not exists(string tp | result.defines("content-type", tp) | + tp.toLowerCase().matches(xssUnsafeContentType() + "%") + ) + } + /** * Holds if a header set in `header` is likely to affect a response sent at `sender`. */ @@ -61,6 +97,7 @@ module ReflectedXss { // There is no dominating header, and `header` is non-local. not isLocalHeaderDefinition(header) and not exists(Http::HeaderDefinition dominatingHeader | + dominatingHeader.getAHeaderName() = "content-type" and dominatingHeader.getBasicBlock().(ReachableBasicBlock).dominates(sender.getBasicBlock()) ) ) diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll index d006837466b..4a608890249 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll @@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat // // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`. - // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, + // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`, // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. r1 = r2 and q1 = q2 and diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll index 5112bdad11e..a6e4db6764e 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll @@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) { /** * A lookahead/lookbehind that matches the empty string. */ -class EmptyPositiveSubPatttern extends RegExpSubPattern { - EmptyPositiveSubPatttern() { +class EmptyPositiveSubPattern extends RegExpSubPattern { + EmptyPositiveSubPattern() { ( this instanceof RegExpPositiveLookahead or @@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern { } } +/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */ +deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern; + /** * A branch in a disjunction that is the root node in a literal, or a literal * whose root node is not a disjunction. @@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) { } /** - * Gets a string reperesentation of the flags used with the regular expression. + * Gets a string representation of the flags used with the regular expression. * Only the flags that are relevant for the canonicalization are included. */ string getCanonicalizationFlags(RegExpTerm root) { @@ -334,7 +337,7 @@ private module CharacterClasses { ) } - private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) } + private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) } private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) } @@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) { lbl = Epsilon() and q2 = Accept(getRoot(dollar)) ) or - exists(EmptyPositiveSubPatttern empty | q1 = before(empty) | - lbl = Epsilon() and q2 = after(empty) - ) + exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty)) } /** @@ -1028,7 +1029,7 @@ module ReDoSPruning { * as the suffix "X" will cause both the regular expressions to be rejected. * * The string `w` is repeated any number of times because it needs to be - * infinitely repeatedable for the attack to work. + * infinitely repeatable for the attack to work. * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes. */ diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll index 33441bfaba3..b5abec6667a 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll @@ -5,7 +5,7 @@ import javascript /** - * Holds if `term` is an ecape class representing e.g. `\d`. + * Holds if `term` is an escape class representing e.g. `\d`. * `clazz` is which character class it represents, e.g. "d" for `\d`. */ predicate isEscapeClass(RegExpTerm term, string clazz) { @@ -20,13 +20,13 @@ predicate isPossessive(RegExpQuantifier term) { none() } /** * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against. - * Not yet implemented for Javascript. + * Not yet implemented for JavaScript. */ predicate matchesAnyPrefix(RegExpTerm term) { any() } /** * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against. - * Not yet implemented for Javascript. + * Not yet implemented for JavaScript. */ predicate matchesAnySuffix(RegExpTerm term) { any() } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll index 07dbc41957f..e2c75ff980b 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about which strings are matched by a regular expression, + * Provides predicates for reasoning about which strings are matched by a regular expression, * and for testing which capture groups are filled when a particular regexp matches a string. */ diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll index c818e89ffa6..14a69dc0644 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll @@ -76,7 +76,7 @@ class StateTuple extends TStateTuple { StateTuple() { this = MkStateTuple(q1, q2, q3) } /** - * Gest a string repesentation of this tuple. + * Gest a string representation of this tuple. */ string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" } diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index b166176b56f..be49d069c0c 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -123,7 +123,7 @@ No user-facing changes. ### New Queries -* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitary code execution. +* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitrary code execution. The query is not run by default. * A new query `js/file-system-race` has been added. The query detects when there is time between a file being checked and used. The query is not run by default. * A new query `js/jwt-missing-verification` has been added. The query detects applications that don't verify JWT tokens. diff --git a/javascript/ql/src/LanguageFeatures/NonLinearPattern.qhelp b/javascript/ql/src/LanguageFeatures/NonLinearPattern.qhelp index 7690d9df1ce..3013551354a 100644 --- a/javascript/ql/src/LanguageFeatures/NonLinearPattern.qhelp +++ b/javascript/ql/src/LanguageFeatures/NonLinearPattern.qhelp @@ -40,7 +40,7 @@ From context, it appears that the second binding should have been for variable <

    -This can sometimes happen in TypeScript, due to the apparant similarity between property patterns +This can sometimes happen in TypeScript, due to the apparent similarity between property patterns and type annotations. In the following example, the function uses a pattern parameter with properties x and y. These appear to have type number, but are in fact untyped properties both stored in a variable named number.

    diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp b/javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp index 5aa2fe63253..f3c6d27c5de 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp @@ -33,7 +33,7 @@ selector to determine which element should be manipulated.

    However, if an attacker can control the data-target attribute, then the value of target can be used to cause the $ function -to execute arbitary JavaScript. +to execute arbitrary JavaScript.

    The above vulnerability can be fixed by using $.find instead of $. diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp index f355ef0aa6e..4424fe363a2 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp @@ -23,7 +23,7 @@

    It is also recommended to limit the permissions of any tokens used - by a workflow such as the the GITHUB_TOKEN. + by a workflow such as the GITHUB_TOKEN.

    diff --git a/javascript/ql/src/Security/CWE-367/FileSystemRace.ql b/javascript/ql/src/Security/CWE-367/FileSystemRace.ql index b3fb4c04ac1..9b3fb1299ae 100644 --- a/javascript/ql/src/Security/CWE-367/FileSystemRace.ql +++ b/javascript/ql/src/Security/CWE-367/FileSystemRace.ql @@ -106,7 +106,7 @@ predicate useAfterCheck(FileCheck check, FileUse use) { ) ) or - check.getBasicBlock().getASuccessor+() = use.getBasicBlock() + check.getBasicBlock().(ReachableBasicBlock).strictlyDominates(use.getBasicBlock()) } from FileCheck check, FileUse use diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp b/javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp index 807f6be401e..56585485a4f 100644 --- a/javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp +++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp @@ -4,7 +4,7 @@

    - Downloading executeables or other sensitive files over an unencrypted connection + Downloading executables or other sensitive files over an unencrypted connection can leave a server open to man-in-the-middle attacks (MITM). Such an attack can allow an attacker to insert arbitrary content into the downloaded file, and in the worst case, allow the attacker to execute diff --git a/javascript/ql/src/Statements/UselessComparisonTest.qhelp b/javascript/ql/src/Statements/UselessComparisonTest.qhelp index 27483f5516a..9af227fe4b7 100644 --- a/javascript/ql/src/Statements/UselessComparisonTest.qhelp +++ b/javascript/ql/src/Statements/UselessComparisonTest.qhelp @@ -17,7 +17,7 @@ longer needed, remove it.

    -If the check is needed to guard against NaN values, insert a comment explaning the possibility of NaN. +If the check is needed to guard against NaN values, insert a comment explaining the possibility of NaN.

    diff --git a/javascript/ql/src/change-notes/2022-10-04-fix-loops-file-system-race.md b/javascript/ql/src/change-notes/2022-10-04-fix-loops-file-system-race.md new file mode 100644 index 00000000000..54b37b7d869 --- /dev/null +++ b/javascript/ql/src/change-notes/2022-10-04-fix-loops-file-system-race.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Removed some false positives from the `js/file-system-race` query by requiring that the file-check dominates the file-access. \ No newline at end of file diff --git a/javascript/ql/src/change-notes/released/0.0.10.md b/javascript/ql/src/change-notes/released/0.0.10.md index ef8f27dd689..029d450716f 100644 --- a/javascript/ql/src/change-notes/released/0.0.10.md +++ b/javascript/ql/src/change-notes/released/0.0.10.md @@ -2,7 +2,7 @@ ### New Queries -* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitary code execution. +* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitrary code execution. The query is not run by default. * A new query `js/file-system-race` has been added. The query detects when there is time between a file being checked and used. The query is not run by default. * A new query `js/jwt-missing-verification` has been added. The query detects applications that don't verify JWT tokens. diff --git a/javascript/ql/test/library-tests/frameworks/Express/XSS.qll b/javascript/ql/test/library-tests/frameworks/Express/XSS.qll new file mode 100644 index 00000000000..5985d76d3fd --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Express/XSS.qll @@ -0,0 +1,4 @@ +import javascript +import semmle.javascript.security.dataflow.ReflectedXssCustomizations + +query predicate test_Xss(ReflectedXss::Sink sink, Http::ResponseSendArgument res) { sink = res } diff --git a/javascript/ql/test/library-tests/frameworks/Express/src/express.js b/javascript/ql/test/library-tests/frameworks/Express/src/express.js index d60a18cde4f..917538ad3e0 100644 --- a/javascript/ql/test/library-tests/frameworks/Express/src/express.js +++ b/javascript/ql/test/library-tests/frameworks/Express/src/express.js @@ -34,12 +34,12 @@ app.post('/some/other/path', function(req, res) { app.get('/', require('./exportedHandler.js').handler); function getHandler() { - return function (req, res){} + return function(req, res) { } } app.use(getHandler()); function getArrowHandler() { - return (req, res) => f(); + return (req, res) => f(); } app.use(getArrowHandler()); @@ -49,3 +49,21 @@ app.post('/headers', function(req, res) { req.hostname; req.headers[config.headerName]; }); + +app.get('/some/xss1', function(req, res) { + res.header("Content-Type", "text/html"); + res.send(req.params.foo) + foo(res); +}); + +app.get('/some/xss2', function(req, res) { + res.header("Content-Type", "application/xml"); + res.send(req.params.foo) + foo(res); +}); + +app.get('/some/non-xss1', function(req, res) { + res.header("Content-Type", "text/plain"); + res.send(req.params.foo) + foo(res); +}); diff --git a/javascript/ql/test/library-tests/frameworks/Express/tests.expected b/javascript/ql/test/library-tests/frameworks/Express/tests.expected index cce9e29c946..93f9b4c578e 100644 --- a/javascript/ql/test/library-tests/frameworks/Express/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/Express/tests.expected @@ -17,6 +17,9 @@ test_RouteHandlerExpr_getBody | src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:16:19:18:3 | functio ... ");\\n } | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -48,6 +51,9 @@ test_RouteSetup | src/express.js:16:3:18:4 | router. ... );\\n }) | src/express.js:2:11:2:19 | express() | false | | src/express.js:22:1:32:2 | app.pos ... r');\\n}) | src/express.js:2:11:2:19 | express() | false | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() | false | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() | false | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() | true | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() | false | @@ -107,6 +113,9 @@ test_RouteSetup_getLastRouteHandlerExpr | src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() | | src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -753,7 +762,28 @@ test_RouterDefinition_getMiddlewareStackAt | src/express.js:2:11:2:19 | express() | src/express.js:46:5:46:8 | post | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:2:11:2:19 | express() | src/express.js:46:10:46:19 | '/headers' | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:2:11:2:19 | express() | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() | -| src/express.js:2:11:2:19 | express() | src/express.js:52:1:52:0 | exit node of | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:1:53:3 | app | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:1:53:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:1:57:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:5:53:7 | get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:9:53:20 | '/some/xss1' | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:1:59:3 | app | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:1:59:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:1:63:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:5:59:7 | get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:9:59:20 | '/some/xss2' | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:1:65:3 | app | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:1:65:7 | app.get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:1:69:3 | app.get ... s);\\n}); | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:5:65:7 | get | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:9:65:24 | '/some/non-xss1' | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:2:11:2:19 | express() | src/express.js:70:1:70:0 | exit node of | src/express.js:44:9:44:25 | getArrowHandler() | | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb | | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:14:2:14:1 | exit node of functio ... lDb);\\n} | src/middleware-flow.js:13:16:13:24 | installDb | | src/subrouter.js:2:11:2:19 | express() | src/subrouter.js:4:1:4:26 | app.use ... rotect) | src/subrouter.js:4:19:4:25 | protect | @@ -872,14 +902,23 @@ test_isRequest | src/express.js:28:3:28:5 | req | | src/express.js:29:3:29:5 | req | | src/express.js:30:3:30:5 | req | -| src/express.js:37:22:37:24 | req | -| src/express.js:42:13:42:15 | req | +| src/express.js:37:19:37:21 | req | +| src/express.js:42:11:42:13 | req | | src/express.js:46:31:46:33 | req | | src/express.js:46:31:46:33 | req | | src/express.js:47:3:47:5 | req | | src/express.js:48:3:48:5 | req | | src/express.js:49:3:49:5 | req | | src/express.js:50:3:50:5 | req | +| src/express.js:53:32:53:34 | req | +| src/express.js:53:32:53:34 | req | +| src/express.js:55:12:55:14 | req | +| src/express.js:59:32:59:34 | req | +| src/express.js:59:32:59:34 | req | +| src/express.js:61:12:61:14 | req | +| src/express.js:65:36:65:38 | req | +| src/express.js:65:36:65:38 | req | +| src/express.js:67:12:67:14 | req | | src/inheritedFromNode.js:4:24:4:26 | req | | src/inheritedFromNode.js:4:24:4:26 | req | | src/inheritedFromNode.js:7:2:7:4 | req | @@ -974,6 +1013,9 @@ test_RouteSetup_getRouter | src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:2:11:2:19 | express() | | src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:2:11:2:19 | express() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() | @@ -1022,6 +1064,9 @@ test_StandardRouteHandler | src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:2:11:2:19 | express() | src/express.js:16:28:16:30 | req | src/express.js:16:33:16:35 | res | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:2:11:2:19 | express() | src/express.js:22:39:22:41 | req | src/express.js:22:44:22:46 | res | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:2:11:2:19 | express() | src/express.js:46:31:46:33 | req | src/express.js:46:36:46:38 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:53:32:53:34 | req | src/express.js:53:37:53:39 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:59:32:59:34 | req | src/express.js:59:37:59:39 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res | | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res | | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res | @@ -1054,6 +1099,9 @@ test_RequestInputAccess | src/express.js:48:3:48:10 | req.host | header | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:49:3:49:14 | req.hostname | header | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:50:3:50:32 | req.hea ... erName] | header | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:55:12:55:25 | req.params.foo | parameter | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:61:12:61:25 | req.params.foo | parameter | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:67:12:67:25 | req.params.foo | parameter | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:7:2:7:8 | req.url | url | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/params.js:4:35:4:39 | value | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} | | src/params.js:5:17:5:28 | req.query.xx | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} | @@ -1066,6 +1114,12 @@ test_RouteHandler_getAResponseHeader | src/express.js:4:23:9:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) | | src/express.js:4:23:9:1 | functio ... res);\\n} | content-type | src/express.js:7:3:7:42 | res.hea ... plain") | | src/express.js:4:23:9:1 | functio ... res);\\n} | location | src/express.js:6:3:6:45 | res.hea ... rget")) | +| src/express.js:53:23:57:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:53:23:57:1 | functio ... res);\\n} | content-type | src/express.js:54:3:54:41 | res.hea ... /html") | +| src/express.js:59:23:63:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:59:23:63:1 | functio ... res);\\n} | content-type | src/express.js:60:3:60:47 | res.hea ... n/xml") | +| src/express.js:65:27:69:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:65:27:69:1 | functio ... res);\\n} | content-type | src/express.js:66:3:66:42 | res.hea ... plain") | test_RouteSetup_handlesSameRequestMethodAs | src/csurf-example.js:13:1:13:20 | app.use('/api', api) | src/csurf-example.js:16:1:16:51 | app.use ... lse })) | | src/csurf-example.js:13:1:13:20 | app.use('/api', api) | src/csurf-example.js:17:1:17:23 | app.use ... rser()) | @@ -1099,6 +1153,9 @@ test_RouteSetup_handlesSameRequestMethodAs | src/csurf-example.js:32:3:34:4 | router. ... ')\\n }) | src/csurf-example.js:40:1:40:49 | app.pos ... es) {}) | test_HeaderDefinition_defines | src/express.js:7:3:7:42 | res.hea ... plain") | content-type | text/plain | +| src/express.js:54:3:54:41 | res.hea ... /html") | content-type | text/html | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type | application/xml | +| src/express.js:66:3:66:42 | res.hea ... plain") | content-type | text/plain | test_ResponseExpr | src/advanced-routehandler-registration.js:6:12:6:14 | res | src/advanced-routehandler-registration.js:6:6:6:35 | (req, r ... og(req) | | src/advanced-routehandler-registration.js:7:12:7:14 | res | src/advanced-routehandler-registration.js:7:6:7:35 | (req, r ... og(req) | @@ -1203,8 +1260,20 @@ test_ResponseExpr | src/express.js:8:7:8:9 | res | src/express.js:4:23:9:1 | functio ... res);\\n} | | src/express.js:11:14:11:16 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} | | src/express.js:11:14:11:16 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:11:14:11:16 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/express.js:12:3:12:5 | arg | src/express.js:4:23:9:1 | functio ... res);\\n} | +| src/express.js:12:3:12:5 | arg | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:12:3:12:5 | arg | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:12:3:12:5 | arg | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:4:23:9:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/express.js:16:33:16:35 | res | src/express.js:16:19:18:3 | functio ... ");\\n } | | src/express.js:16:33:16:35 | res | src/express.js:16:19:18:3 | functio ... ");\\n } | | src/express.js:17:5:17:7 | res | src/express.js:16:19:18:3 | functio ... ");\\n } | @@ -1213,9 +1282,30 @@ test_ResponseExpr | src/express.js:22:44:22:46 | res | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:31:3:31:5 | res | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:31:3:31:26 | res.coo ... 'bar') | src/express.js:22:30:32:1 | functio ... ar');\\n} | -| src/express.js:37:27:37:29 | res | src/express.js:37:12:37:32 | functio ... res){} | -| src/express.js:42:18:42:20 | res | src/express.js:42:12:42:28 | (req, res) => f() | +| src/express.js:37:24:37:26 | res | src/express.js:37:10:37:31 | functio ... es) { } | +| src/express.js:42:16:42:18 | res | src/express.js:42:10:42:26 | (req, res) => f() | | src/express.js:46:36:46:38 | res | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:37:53:39 | res | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:53:37:53:39 | res | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:54:3:54:5 | res | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:55:3:55:5 | res | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:55:3:55:26 | res.sen ... ms.foo) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:56:7:56:9 | res | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:37:59:39 | res | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:59:37:59:39 | res | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:60:3:60:5 | res | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:61:3:61:5 | res | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:61:3:61:26 | res.sen ... ms.foo) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:62:7:62:9 | res | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:41:65:43 | res | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:65:41:65:43 | res | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:66:3:66:5 | res | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:67:3:67:5 | res | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:67:3:67:26 | res.sen ... ms.foo) | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:68:7:68:9 | res | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:29:4:31 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/inheritedFromNode.js:4:29:4:31 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/inheritedFromNode.js:5:2:5:4 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | @@ -1311,6 +1401,9 @@ test_RouterDefinition_getARouteHandler | src/express.js:2:11:2:19 | express() | src/express.js:16:19:18:3 | functio ... ");\\n } | | src/express.js:2:11:2:19 | express() | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:2:11:2:19 | express() | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:2:11:2:19 | express() | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:2:11:2:19 | express() | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:2:11:2:19 | express() | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -1374,12 +1467,21 @@ test_RouteHandlerExpr_getNextMiddleware | src/express.js:39:9:39:20 | getHandler() | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:16:19:18:3 | functio ... ");\\n } | | src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/subrouter.js:4:19:4:25 | protect | src/subrouter.js:5:14:5:28 | makeSubRouter() | test_HeaderDefinition | src/express3.js:5:3:5:51 | res.hea ... "val")) | src/express3.js:4:23:7:1 | functio ... al");\\n} | | src/express.js:6:3:6:45 | res.hea ... rget")) | src/express.js:4:23:9:1 | functio ... res);\\n} | | src/express.js:7:3:7:42 | res.hea ... plain") | src/express.js:4:23:9:1 | functio ... res);\\n} | | src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:4:23:9:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:6:2:6:16 | res.setHeader() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/responseExprs.js:19:5:19:16 | res.append() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} | | src/responseExprs.js:37:5:37:28 | f(res.a ... ppend() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} | @@ -1411,6 +1513,9 @@ test_RouteSetup_getServer | src/express.js:16:3:18:4 | router. ... );\\n }) | src/express.js:2:11:2:19 | express() | | src/express.js:22:1:32:2 | app.pos ... r');\\n}) | src/express.js:2:11:2:19 | express() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() | @@ -1426,6 +1531,9 @@ test_HeaderDefinition_getAHeaderName | src/express.js:6:3:6:45 | res.hea ... rget")) | location | | src/express.js:7:3:7:42 | res.hea ... plain") | content-type | | src/express.js:12:3:12:54 | arg.hea ... , true) | access-control-allow-credentials | +| src/express.js:54:3:54:41 | res.hea ... /html") | content-type | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type | +| src/express.js:66:3:66:42 | res.hea ... plain") | content-type | test_HeaderAccess | src/express.js:28:3:28:16 | req.get("foo") | foo | | src/express.js:29:3:29:19 | req.header("bar") | bar | @@ -1485,6 +1593,9 @@ test_RouteHandlerExpr | src/express.js:39:9:39:20 | getHandler() | src/express.js:39:1:39:21 | app.use ... dler()) | false | | src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:44:1:44:26 | app.use ... dler()) | false | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | true | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:1:57:2 | app.get ... es);\\n}) | true | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:1:63:2 | app.get ... es);\\n}) | true | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:1:69:2 | app.get ... es);\\n}) | true | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | true | | src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | false | | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | true | @@ -1539,6 +1650,9 @@ test_HeaderDefinition_getNameExpr | src/express.js:6:3:6:45 | res.hea ... rget")) | src/express.js:6:14:6:23 | "Location" | | src/express.js:7:3:7:42 | res.hea ... plain") | src/express.js:7:14:7:27 | "Content-Type" | | src/express.js:12:3:12:54 | arg.hea ... , true) | src/express.js:12:14:12:47 | "Access ... ntials" | +| src/express.js:54:3:54:41 | res.hea ... /html") | src/express.js:54:14:54:27 | "Content-Type" | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | src/express.js:60:14:60:27 | "Content-Type" | +| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:66:14:66:27 | "Content-Type" | test_appCreation | src/advanced-routehandler-registration.js:2:11:2:19 | express() | | src/auth.js:1:13:1:32 | require('express')() | @@ -1586,6 +1700,9 @@ test_RouteSetup_getRequestMethod | src/express.js:22:1:32:2 | app.pos ... r');\\n}) | POST | | src/express.js:34:1:34:53 | app.get ... andler) | GET | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | POST | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | GET | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | GET | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | GET | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | POST | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | GET | | src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | GET | @@ -1714,9 +1831,42 @@ test_RouteHandler_getAResponseExpr | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:44:22:46 | res | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:31:3:31:5 | res | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:31:3:31:26 | res.coo ... 'bar') | -| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:27:37:29 | res | -| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:18:42:20 | res | +| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:24:37:26 | res | +| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:16:42:18 | res | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:36:46:38 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:37:53:39 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:37:53:39 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:54:3:54:5 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:54:3:54:41 | res.hea ... /html") | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:3:55:5 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:3:55:26 | res.sen ... ms.foo) | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:56:7:56:9 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:37:59:39 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:37:59:39 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:60:3:60:5 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:60:3:60:47 | res.hea ... n/xml") | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:3:61:5 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:3:61:26 | res.sen ... ms.foo) | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:62:7:62:9 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:11:14:11:16 | arg | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:12:3:12:5 | arg | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:12:3:12:54 | arg.hea ... , true) | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:41:65:43 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:41:65:43 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:66:3:66:5 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:66:3:66:42 | res.hea ... plain") | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:3:67:5 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:3:67:26 | res.sen ... ms.foo) | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:68:7:68:9 | res | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:29:4:31 | res | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:29:4:31 | res | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:5:2:5:4 | res | @@ -1890,9 +2040,30 @@ test_isResponse | src/express.js:22:44:22:46 | res | | src/express.js:31:3:31:5 | res | | src/express.js:31:3:31:26 | res.coo ... 'bar') | -| src/express.js:37:27:37:29 | res | -| src/express.js:42:18:42:20 | res | +| src/express.js:37:24:37:26 | res | +| src/express.js:42:16:42:18 | res | | src/express.js:46:36:46:38 | res | +| src/express.js:53:37:53:39 | res | +| src/express.js:53:37:53:39 | res | +| src/express.js:54:3:54:5 | res | +| src/express.js:54:3:54:41 | res.hea ... /html") | +| src/express.js:55:3:55:5 | res | +| src/express.js:55:3:55:26 | res.sen ... ms.foo) | +| src/express.js:56:7:56:9 | res | +| src/express.js:59:37:59:39 | res | +| src/express.js:59:37:59:39 | res | +| src/express.js:60:3:60:5 | res | +| src/express.js:60:3:60:47 | res.hea ... n/xml") | +| src/express.js:61:3:61:5 | res | +| src/express.js:61:3:61:26 | res.sen ... ms.foo) | +| src/express.js:62:7:62:9 | res | +| src/express.js:65:41:65:43 | res | +| src/express.js:65:41:65:43 | res | +| src/express.js:66:3:66:5 | res | +| src/express.js:66:3:66:42 | res.hea ... plain") | +| src/express.js:67:3:67:5 | res | +| src/express.js:67:3:67:26 | res.sen ... ms.foo) | +| src/express.js:68:7:68:9 | res | | src/inheritedFromNode.js:4:29:4:31 | res | | src/inheritedFromNode.js:4:29:4:31 | res | | src/inheritedFromNode.js:5:2:5:4 | res | @@ -1976,6 +2147,9 @@ test_ResponseBody | src/express3.js:6:12:6:16 | "val" | src/express3.js:4:23:7:1 | functio ... al");\\n} | | src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:4:23:9:1 | functio ... ic1);\\n} | | src/express.js:17:14:17:23 | "Go away." | src/express.js:16:19:18:3 | functio ... ");\\n } | +| src/express.js:55:12:55:25 | req.params.foo | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} | | src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} | test_ResponseSendArgument @@ -1984,6 +2158,9 @@ test_ResponseSendArgument | src/express3.js:6:12:6:16 | "val" | src/express3.js:4:23:7:1 | functio ... al");\\n} | | src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:4:23:9:1 | functio ... ic1);\\n} | | src/express.js:17:14:17:23 | "Go away." | src/express.js:16:19:18:3 | functio ... ");\\n } | +| src/express.js:55:12:55:25 | req.params.foo | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} | | src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} | test_RouteSetup_getARouteHandler @@ -2078,12 +2255,15 @@ test_RouteSetup_getARouteHandler | src/express.js:34:1:34:53 | app.get ... andler) | src/exportedHandler.js:1:19:1:55 | functio ... res) {} | | src/express.js:34:1:34:53 | app.get ... andler) | src/express.js:34:14:34:52 | require ... handler | | src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:36:1:38:1 | return of function getHandler | -| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:37:12:37:32 | functio ... res){} | +| src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:37:10:37:31 | functio ... es) { } | | src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() | | src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:41:1:43:1 | return of function getArrowHandler | -| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:42:12:42:28 | (req, res) => f() | +| src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:42:10:42:26 | (req, res) => f() | | src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -2304,6 +2484,12 @@ test_RouteHandlerExpr_getAMatchingAncestor | src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:39:9:39:20 | getHandler() | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:39:9:39:20 | getHandler() | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:39:9:39:20 | getHandler() | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | test_isRouterCreation | es6-imported-router.js:3:1:3:12 | new Router() | | src/advanced-routehandler-registration.js:2:11:2:19 | express() | @@ -2380,6 +2566,9 @@ test_RouteSetup_getRouteHandlerExpr | src/express.js:39:1:39:21 | app.use ... dler()) | 0 | src/express.js:39:9:39:20 | getHandler() | | src/express.js:44:1:44:26 | app.use ... dler()) | 0 | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | 0 | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | 0 | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | 0 | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | 0 | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | 0 | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | 0 | src/middleware-flow.js:13:16:13:24 | installDb | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | 0 | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -2474,9 +2663,12 @@ test_RouteHandler | src/express.js:4:23:9:1 | functio ... res);\\n} | src/express.js:4:32:4:34 | req | src/express.js:4:37:4:39 | res | | src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:16:28:16:30 | req | src/express.js:16:33:16:35 | res | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:22:39:22:41 | req | src/express.js:22:44:22:46 | res | -| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:22:37:24 | req | src/express.js:37:27:37:29 | res | -| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:13:42:15 | req | src/express.js:42:18:42:20 | res | +| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:19:37:21 | req | src/express.js:37:24:37:26 | res | +| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:11:42:13 | req | src/express.js:42:16:42:18 | res | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req | src/express.js:46:36:46:38 | res | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req | src/express.js:53:37:53:39 | res | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req | src/express.js:59:37:59:39 | res | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res | | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res | | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res | @@ -2546,6 +2738,9 @@ test_RouteSetup_getARouteHandlerExpr | src/express.js:39:1:39:21 | app.use ... dler()) | src/express.js:39:9:39:20 | getHandler() | | src/express.js:44:1:44:26 | app.use ... dler()) | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:46:1:51:2 | app.pos ... me];\\n}) | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:1:57:2 | app.get ... es);\\n}) | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:1:63:2 | app.get ... es);\\n}) | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb | | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | @@ -2608,6 +2803,9 @@ test_RouteHandlerExpr_getPreviousMiddleware | src/express.js:16:19:18:3 | functio ... ");\\n } | src/express.js:44:9:44:25 | getArrowHandler() | | src/express.js:44:9:44:25 | getArrowHandler() | src/express.js:39:9:39:20 | getHandler() | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:44:9:44:25 | getArrowHandler() | | src/subrouter.js:5:14:5:28 | makeSubRouter() | src/subrouter.js:4:19:4:25 | protect | test_RequestExpr | src/advanced-routehandler-registration.js:6:7:6:9 | req | src/advanced-routehandler-registration.js:6:6:6:35 | (req, r ... og(req) | @@ -2735,14 +2933,23 @@ test_RequestExpr | src/express.js:28:3:28:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:29:3:29:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} | | src/express.js:30:3:30:5 | req | src/express.js:22:30:32:1 | functio ... ar');\\n} | -| src/express.js:37:22:37:24 | req | src/express.js:37:12:37:32 | functio ... res){} | -| src/express.js:42:13:42:15 | req | src/express.js:42:12:42:28 | (req, res) => f() | +| src/express.js:37:19:37:21 | req | src/express.js:37:10:37:31 | functio ... es) { } | +| src/express.js:42:11:42:13 | req | src/express.js:42:10:42:26 | (req, res) => f() | | src/express.js:46:31:46:33 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:46:31:46:33 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:47:3:47:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:48:3:48:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:49:3:49:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | | src/express.js:50:3:50:5 | req | src/express.js:46:22:51:1 | functio ... ame];\\n} | +| src/express.js:53:32:53:34 | req | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:53:32:53:34 | req | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:55:12:55:14 | req | src/express.js:53:23:57:1 | functio ... res);\\n} | +| src/express.js:59:32:59:34 | req | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:59:32:59:34 | req | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:61:12:61:14 | req | src/express.js:59:23:63:1 | functio ... res);\\n} | +| src/express.js:65:36:65:38 | req | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:65:36:65:38 | req | src/express.js:65:27:69:1 | functio ... res);\\n} | +| src/express.js:67:12:67:14 | req | src/express.js:65:27:69:1 | functio ... res);\\n} | | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | | src/inheritedFromNode.js:7:2:7:4 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | @@ -2926,14 +3133,23 @@ test_RouteHandler_getARequestExpr | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:28:3:28:5 | req | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:29:3:29:5 | req | | src/express.js:22:30:32:1 | functio ... ar');\\n} | src/express.js:30:3:30:5 | req | -| src/express.js:37:12:37:32 | functio ... res){} | src/express.js:37:22:37:24 | req | -| src/express.js:42:12:42:28 | (req, res) => f() | src/express.js:42:13:42:15 | req | +| src/express.js:37:10:37:31 | functio ... es) { } | src/express.js:37:19:37:21 | req | +| src/express.js:42:10:42:26 | (req, res) => f() | src/express.js:42:11:42:13 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:46:31:46:33 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:47:3:47:5 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:48:3:48:5 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:49:3:49:5 | req | | src/express.js:46:22:51:1 | functio ... ame];\\n} | src/express.js:50:3:50:5 | req | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:53:32:53:34 | req | +| src/express.js:53:23:57:1 | functio ... res);\\n} | src/express.js:55:12:55:14 | req | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:59:32:59:34 | req | +| src/express.js:59:23:63:1 | functio ... res);\\n} | src/express.js:61:12:61:14 | req | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req | +| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:67:12:67:14 | req | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req | | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:7:2:7:4 | req | @@ -3022,3 +3238,13 @@ dbUse | src/middleware-flow.js:20:9:20:26 | req.deep.access.db | | src/middleware-flow.js:23:33:23:38 | req.db | | src/middleware-flow.js:24:33:24:38 | req.db | +test_Xss +| src/csurf-example.js:26:12:26:42 | 'csrf w ... t here' | src/csurf-example.js:26:12:26:42 | 'csrf w ... t here' | +| src/csurf-example.js:33:14:33:34 | 'no csr ... t here' | src/csurf-example.js:33:14:33:34 | 'no csr ... t here' | +| src/express3.js:6:12:6:16 | "val" | src/express3.js:6:12:6:16 | "val" | +| src/express4.js:8:12:8:19 | dynamic1 | src/express4.js:8:12:8:19 | dynamic1 | +| src/express.js:17:14:17:23 | "Go away." | src/express.js:17:14:17:23 | "Go away." | +| src/express.js:55:12:55:25 | req.params.foo | src/express.js:55:12:55:25 | req.params.foo | +| src/express.js:61:12:61:25 | req.params.foo | src/express.js:61:12:61:25 | req.params.foo | +| src/params.js:8:18:8:22 | value | src/params.js:8:18:8:22 | value | +| src/params.js:15:12:15:18 | "Hello" | src/params.js:15:12:15:18 | "Hello" | diff --git a/javascript/ql/test/library-tests/frameworks/Express/tests.ql b/javascript/ql/test/library-tests/frameworks/Express/tests.ql index d708732267a..007503f7aa2 100644 --- a/javascript/ql/test/library-tests/frameworks/Express/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Express/tests.ql @@ -47,3 +47,4 @@ import Credentials import RouteHandler_getARequestExpr import RouteHandlerContainer import MiddlewareFlow +import XSS diff --git a/javascript/ql/test/query-tests/Security/CWE-367/tst.js b/javascript/ql/test/query-tests/Security/CWE-367/tst.js index a0dc22eab3c..ed0dd5c1b57 100644 --- a/javascript/ql/test/query-tests/Security/CWE-367/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-367/tst.js @@ -41,3 +41,8 @@ const filePath3 = createFile(); if (fs.existsSync(filePath3)) { fs.readFileSync(filePath3); // OK - a read after an existence check is OK } + +const filePath4 = createFile(); +while(Math.random() > 0.5) { + fs.open(filePath4); // OK - it is only ever opened here. +} \ No newline at end of file diff --git a/misc/bazel/cmake/BUILD.bazel b/misc/bazel/cmake/BUILD.bazel new file mode 100644 index 00000000000..e69de29bb2d diff --git a/misc/bazel/cmake/cmake.bzl b/misc/bazel/cmake/cmake.bzl new file mode 100644 index 00000000000..d3c6581677b --- /dev/null +++ b/misc/bazel/cmake/cmake.bzl @@ -0,0 +1,272 @@ +CmakeInfo = provider( + fields = { + "name": "", + "inputs": "", + "kind": "", + "modifier": "", + "hdrs": "", + "srcs": "", + "deps": "", + "system_includes": "", + "includes": "", + "quote_includes": "", + "stripped_includes": "", + "imported_static_libs": "", + "imported_dynamic_libs": "", + "copts": "", + "linkopts": "", + "force_cxx_compilation": "", + "defines": "", + "local_defines": "", + "transitive_deps": "", + }, +) + +def _cmake_name(label): + return ("%s_%s_%s" % (label.workspace_name, label.package, label.name)).replace("/", "_") + +def _cmake_file(file): + if not file.is_source: + return "${BAZEL_EXEC_ROOT}/" + file.path + return _cmake_path(file.path) + +def _cmake_path(path): + if path.startswith("external/"): + return "${BAZEL_OUTPUT_BASE}/" + path + return "${BAZEL_WORKSPACE}/" + path + +def _file_kind(file): + ext = file.extension + if ext in ("c", "cc", "cpp"): + return "src" + if ext in ("h", "hh", "hpp", "def", "inc"): + return "hdr" + if ext == "a": + return "static_lib" + if ext in ("so", "dylib"): + return "dynamic_lib" + return None + +def _get_includes(includes): + # see strip prefix comment below to understand why we are skipping virtual includes here + return [_cmake_path(i) for i in includes.to_list() if "/_virtual_includes/" not in i] + +def _cmake_aspect_impl(target, ctx): + if not ctx.rule.kind.startswith("cc_"): + return [CmakeInfo(name = None, transitive_deps = depset())] + + name = _cmake_name(ctx.label) + + is_macos = "darwin" in ctx.var["TARGET_CPU"] + + is_binary = ctx.rule.kind == "cc_binary" + force_cxx_compilation = "force_cxx_compilation" in ctx.rule.attr.features + attr = ctx.rule.attr + srcs = attr.srcs + getattr(attr, "hdrs", []) + getattr(attr, "textual_hdrs", []) + srcs = [f for src in srcs for f in src.files.to_list()] + inputs = [f for f in srcs if not f.is_source or f.path.startswith("external/")] + by_kind = {} + for f in srcs: + by_kind.setdefault(_file_kind(f), []).append(_cmake_file(f)) + hdrs = by_kind.get("hdr", []) + srcs = by_kind.get("src", []) + static_libs = by_kind.get("static_lib", []) + dynamic_libs = by_kind.get("dynamic_lib", []) + if not srcs and is_binary: + empty = ctx.actions.declare_file(name + "_empty.cpp") + ctx.actions.write(empty, "") + inputs.append(empty) + srcs = [_cmake_file(empty)] + deps = ctx.rule.attr.deps if hasattr(ctx.rule.attr, "deps") else [] + + cxx_compilation = force_cxx_compilation or any([not src.endswith(".c") for src in srcs]) + + copts = ctx.fragments.cpp.copts + (ctx.fragments.cpp.cxxopts if cxx_compilation else ctx.fragments.cpp.conlyopts) + copts += [ctx.expand_make_variables("copts", o, {}) for o in ctx.rule.attr.copts] + + linkopts = ctx.fragments.cpp.linkopts + linkopts += [ctx.expand_make_variables("linkopts", o, {}) for o in ctx.rule.attr.linkopts] + + compilation_ctx = target[CcInfo].compilation_context + system_includes = _get_includes(compilation_ctx.system_includes) + + # move -I copts to includes + includes = _get_includes(compilation_ctx.includes) + [_cmake_path(opt[2:]) for opt in copts if opt.startswith("-I")] + copts = [opt for opt in copts if not opt.startswith("-I")] + quote_includes = _get_includes(compilation_ctx.quote_includes) + + # strip prefix is special, as in bazel it creates a _virtual_includes directory with symlinks + # as we want to avoid relying on bazel having done that, we must undo that mechanism + # also for some reason cmake fails to propagate these with target_include_directories, + # so we propagate them ourselvels by using the stripped_includes field + stripped_includes = [] + if getattr(ctx.rule.attr, "strip_include_prefix", ""): + prefix = ctx.rule.attr.strip_include_prefix.strip("/") + if ctx.label.workspace_name: + stripped_includes = [ + "${BAZEL_OUTPUT_BASE}/external/%s/%s" % (ctx.label.workspace_name, prefix), # source + "${BAZEL_EXEC_ROOT}/%s/external/%s/%s" % (ctx.var["BINDIR"], ctx.label.workspace_name, prefix), # generated + ] + else: + stripped_includes = [ + prefix, # source + "${BAZEL_EXEC_ROOT}/%s/%s" % (ctx.var["BINDIR"], prefix), # generated + ] + + deps = [dep[CmakeInfo] for dep in deps if CmakeInfo in dep] + + # by the book this should be done with depsets, but so far the performance implication is negligible + for dep in deps: + if dep.name: + stripped_includes += dep.stripped_includes + includes += stripped_includes + + return [ + CmakeInfo( + name = name, + inputs = inputs, + kind = "executable" if is_binary else "library", + modifier = "INTERFACE" if not srcs and not is_binary else "", + hdrs = hdrs, + srcs = srcs, + deps = [dep for dep in deps if dep.name != None], + includes = includes, + system_includes = system_includes, + quote_includes = quote_includes, + stripped_includes = stripped_includes, + imported_static_libs = static_libs, + imported_dynamic_libs = dynamic_libs, + copts = copts, + linkopts = linkopts, + defines = compilation_ctx.defines.to_list(), + local_defines = compilation_ctx.local_defines.to_list(), + force_cxx_compilation = force_cxx_compilation, + transitive_deps = depset(deps, transitive = [dep.transitive_deps for dep in deps]), + ), + ] + +cmake_aspect = aspect( + implementation = _cmake_aspect_impl, + attr_aspects = ["deps"], + fragments = ["cpp"], +) + +def _map_cmake_info(info, is_windows): + args = " ".join([info.name, info.modifier] + info.hdrs + info.srcs).strip() + commands = [ + "add_%s(%s)" % (info.kind, args), + ] + if info.imported_static_libs and info.imported_dynamic_libs: + commands += [ + "if(BUILD_SHARED_LIBS)", + " target_link_libraries(%s %s %s)" % + (info.name, info.modifier or "PUBLIC", " ".join(info.imported_dynamic_libs)), + "else()", + " target_link_libraries(%s %s %s)" % + (info.name, info.modifier or "PUBLIC", " ".join(info.imported_static_libs)), + "endif()", + ] + elif info.imported_static_libs or info.imported_dynamic_libs: + commands += [ + "target_link_libraries(%s %s %s)" % + (info.name, info.modifier or "PUBLIC", " ".join(info.imported_dynamic_lib + info.imported_static_libs)), + ] + if info.deps: + libs = {} + if info.modifier == "INTERFACE": + libs = {"INTERFACE": [lib.name for lib in info.deps]} + else: + for lib in info.deps: + libs.setdefault(lib.modifier, []).append(lib.name) + for modifier, names in libs.items(): + commands += [ + "target_link_libraries(%s %s %s)" % (info.name, modifier or "PUBLIC", " ".join(names)), + ] + if info.includes: + commands += [ + "target_include_directories(%s %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(info.includes)), + ] + if info.system_includes: + commands += [ + "target_include_directories(%s SYSTEM %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(info.system_includes)), + ] + if info.quote_includes: + if is_windows: + commands += [ + "target_include_directories(%s %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(info.quote_includes)), + ] + else: + commands += [ + "target_compile_options(%s %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(["-iquote%s" % i for i in info.quote_includes])), + ] + if info.copts and info.modifier != "INTERFACE": + commands += [ + "target_compile_options(%s PRIVATE %s)" % (info.name, " ".join(info.copts)), + ] + if info.linkopts: + commands += [ + "target_link_options(%s %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(info.linkopts)), + ] + if info.force_cxx_compilation and any([f.endswith(".c") for f in info.srcs]): + commands += [ + "set_source_files_properties(%s PROPERTIES LANGUAGE CXX)" % " ".join([f for f in info.srcs if f.endswith(".c")]), + ] + if info.defines: + commands += [ + "target_compile_definitions(%s %s %s)" % (info.name, info.modifier or "PUBLIC", " ".join(info.defines)), + ] + if info.local_defines: + commands += [ + "target_compile_definitions(%s %s %s)" % (info.name, info.modifier or "PRIVATE", " ".join(info.local_defines)), + ] + return commands + +GeneratedCmakeFiles = provider( + fields = { + "files": "", + }, +) + +def _generate_cmake_impl(ctx): + commands = [] + inputs = [] + + infos = {} + for dep in ctx.attr.targets: + for info in [dep[CmakeInfo]] + dep[CmakeInfo].transitive_deps.to_list(): + if info.name != None: + inputs += info.inputs + infos[info.name] = info + + is_windows = ctx.target_platform_has_constraint(ctx.attr._windows[platform_common.ConstraintValueInfo]) + + for info in infos.values(): + commands += _map_cmake_info(info, is_windows) + commands.append("") + + for include in ctx.attr.includes: + for file in include[GeneratedCmakeFiles].files.to_list(): + inputs.append(file) + commands.append("include(${BAZEL_EXEC_ROOT}/%s)" % file.path) + + # we want to use a run or run_shell action to register a bunch of files like inputs, but we cannot write all + # in a shell command as we would hit the command size limit. So we first write the file and then copy it with + # the dummy inputs + tmp_output = ctx.actions.declare_file(ctx.label.name + ".cmake~") + output = ctx.actions.declare_file(ctx.label.name + ".cmake") + ctx.actions.write(tmp_output, "\n".join(commands)) + ctx.actions.run_shell(outputs = [output], inputs = inputs + [tmp_output], command = "cp %s %s" % (tmp_output.path, output.path)) + + return [ + DefaultInfo(files = depset([output])), + GeneratedCmakeFiles(files = depset([output])), + ] + +generate_cmake = rule( + implementation = _generate_cmake_impl, + attrs = { + "targets": attr.label_list(aspects = [cmake_aspect]), + "includes": attr.label_list(providers = [GeneratedCmakeFiles]), + "_windows": attr.label(default = "@platforms//os:windows"), + }, +) diff --git a/misc/bazel/cmake/setup.cmake b/misc/bazel/cmake/setup.cmake new file mode 100644 index 00000000000..a1e94384602 --- /dev/null +++ b/misc/bazel/cmake/setup.cmake @@ -0,0 +1,28 @@ +option(BUILD_SHARED_LIBS "Build and use shared libraries" 0) +option(CREATE_COMPILATION_DATABASE_LINK "Create compilation database link. Implies CMAKE_EXPORT_COMPILE_COMMANDS" 1) + +if (CREATE_COMPILATION_DATABASE_LINK) + set(CMAKE_EXPORT_COMPILE_COMMANDS 1) +endif () + +macro(bazel) + execute_process(COMMAND bazel ${ARGN} COMMAND_ERROR_IS_FATAL ANY OUTPUT_STRIP_TRAILING_WHITESPACE) +endmacro() + +bazel(info workspace OUTPUT_VARIABLE BAZEL_WORKSPACE) + +bazel(info output_base OUTPUT_VARIABLE BAZEL_OUTPUT_BASE) +string(REPLACE "-" "_" BAZEL_EXEC_ROOT ${PROJECT_NAME}) +set(BAZEL_EXEC_ROOT ${BAZEL_OUTPUT_BASE}/execroot/${BAZEL_EXEC_ROOT}) + +macro(include_generated BAZEL_TARGET) + bazel(build ${BAZEL_TARGET}) + string(REPLACE "@" "/external/" BAZEL_TARGET_PATH ${BAZEL_TARGET}) + string(REPLACE "//" "/" BAZEL_TARGET_PATH ${BAZEL_TARGET_PATH}) + string(REPLACE ":" "/" BAZEL_TARGET_PATH ${BAZEL_TARGET_PATH}) + include(${BAZEL_WORKSPACE}/bazel-bin${BAZEL_TARGET_PATH}.cmake) +endmacro() + +if (CREATE_COMPILATION_DATABASE_LINK) + file(CREATE_LINK ${PROJECT_BINARY_DIR}/compile_commands.json ${PROJECT_SOURCE_DIR}/compile_commands.json SYMBOLIC) +endif () diff --git a/python/PoCs/XmlParsing/PoC.py b/python/PoCs/XmlParsing/PoC.py index a4de65084ae..5a52edace3a 100644 --- a/python/PoCs/XmlParsing/PoC.py +++ b/python/PoCs/XmlParsing/PoC.py @@ -82,7 +82,7 @@ predefined_entity_xml = """ # other setup # we set up local Flask application so we can tests whether loading external resources -# works (such as SSRF from DTD-retrival works) +# works (such as SSRF from DTD-retrieval works) app = Flask(__name__) @app.route("/alive") @@ -187,7 +187,7 @@ class TestSax(): @staticmethod @expects_timeout - def test_quardratic_blowup_allowed_by_default(): + def test_quadratic_blowup_allowed_by_default(): parser = xml.sax.make_parser() parser.parse(StringIO(quadratic_blowup)) @@ -263,7 +263,7 @@ class TestEtree: @staticmethod @expects_timeout - def test_quardratic_blowup_allowed_by_default(): + def test_quadratic_blowup_allowed_by_default(): parser = xml.etree.ElementTree.XMLParser() _root = xml.etree.ElementTree.fromstring(quadratic_blowup, parser=parser) @@ -324,7 +324,7 @@ class TestLxml: assert "Detected an entity reference loop" in str(e) @staticmethod - def test_quardratic_blowup_disabled_by_default(): + def test_quadratic_blowup_disabled_by_default(): parser = lxml.etree.XMLParser() try: _root = lxml.etree.fromstring(quadratic_blowup, parser=parser) @@ -465,7 +465,7 @@ class TestXmltodict: assert d == {"lolz": None}, d @staticmethod - def test_quardratic_blowup_disabled_by_default(): + def test_quadratic_blowup_disabled_by_default(): d = xmltodict.parse(quadratic_blowup) assert d == {"foo": None}, d @@ -476,7 +476,7 @@ class TestXmltodict: @staticmethod @expects_timeout - def test_quardratic_blowup_manually_enabled(): + def test_quadratic_blowup_manually_enabled(): xmltodict.parse(quadratic_blowup, disable_entities=False) @staticmethod @@ -524,7 +524,7 @@ class TestMinidom: @staticmethod @expects_timeout - def test_quardratic_blowup(): + def test_quadratic_blowup(): xml.dom.minidom.parseString(quadratic_blowup) @staticmethod @@ -585,7 +585,7 @@ class TestPulldom: @staticmethod @expects_timeout - def test_quardratic_blowup(): + def test_quadratic_blowup(): doc = xml.dom.pulldom.parseString(quadratic_blowup) for event, node in doc: pass @@ -670,7 +670,7 @@ class TestExpat: @staticmethod @expects_timeout - def test_quardratic_blowup(): + def test_quadratic_blowup(): parser = xml.parsers.expat.ParserCreate() parser.Parse(quadratic_blowup, True) @@ -699,7 +699,7 @@ class TestExpat: assert char_data_recv == [] - # there might be ways to make it vuln, but I did not investigate futher. + # there might be ways to make it vuln, but I did not investigate further. @staticmethod def test_dtd(): @@ -711,4 +711,4 @@ class TestExpat: parser.Parse(dtd_retrieval, True) assert hit_dtd == False - # there might be ways to make it vuln, but I did not investigate futher. + # there might be ways to make it vuln, but I did not investigate further. diff --git a/python/ql/examples/snippets/override_method.ql b/python/ql/examples/snippets/override_method.ql index cb0c7d57680..2b601d59df7 100644 --- a/python/ql/examples/snippets/override_method.ql +++ b/python/ql/examples/snippets/override_method.ql @@ -1,7 +1,7 @@ /** * @id py/examples/override-method * @name Override of method - * @description Finds methods that overide MyClass.methodName + * @description Finds methods that override MyClass.methodName * @tags method * override */ diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 10707d9d391..f83460af94f 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -2,7 +2,7 @@ ### Minor Analysis Improvements -* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects). +* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for response objects). * Added modeling of creating Flask responses with `flask.jsonify`. ## 0.6.0 diff --git a/python/ql/lib/change-notes/2022-10-04-api-subscript-nodes.md b/python/ql/lib/change-notes/2022-10-04-api-subscript-nodes.md new file mode 100644 index 00000000000..7c022bc1528 --- /dev/null +++ b/python/ql/lib/change-notes/2022-10-04-api-subscript-nodes.md @@ -0,0 +1,7 @@ +--- +category: minorAnalysis +--- +* Fixed labels in the API graph pertaining to definitions of subscripts. Previously, these were found by `getMember` rather than `getASubscript`. +* Added edges for indices of subscripts to the API graph. Now a subscripted API node will have an edge to the API node for the index expression. So if `foo` is matched by API node `A`, then `"key"` in `foo["key"]` will be matched by the API node `A.getIndex()`. This can be used to track the origin of the index. +* Added member predicate `getSubscriptAt(API::Node index)` to `API::Node`. Like `getASubscript()`, this will return an API node that matches a subscript of the node, but here it will be restricted to subscripts where the index matches the `index` parameter. +* Added convenience predicate `getSubscript("key")` to obtain a subscript at a specific index, when the index happens to be a statically known string. diff --git a/python/ql/lib/change-notes/released/0.6.1.md b/python/ql/lib/change-notes/released/0.6.1.md index e4ca9748e5f..a414197f409 100644 --- a/python/ql/lib/change-notes/released/0.6.1.md +++ b/python/ql/lib/change-notes/released/0.6.1.md @@ -2,5 +2,5 @@ ### Minor Analysis Improvements -* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects). +* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for response objects). * Added modeling of creating Flask responses with `flask.jsonify`. diff --git a/python/ql/lib/design.md b/python/ql/lib/design.md index a390f50beee..0fc1622b61c 100644 --- a/python/ql/lib/design.md +++ b/python/ql/lib/design.md @@ -1,7 +1,7 @@ # The Python libraries The Python libraries are a collection of libraries for analysing Python code. -Everythng can be imported by importing `python.qll`. +Everything can be imported by importing `python.qll`. ## The analysis layers @@ -15,10 +15,10 @@ The analysis is built up in layers. the stack looks like this: ## Avoiding non-monotonic recursion -Given the many interactivg layers, it is imprtant to decie which predicates are allowed to be mutually recursive in order to avoid non-monotonic recursion when negation is used to express the predicates. -As an example, we have defined local source as those whcih do not receive local flow. This means that the local flow relation is not allowed to be recursive with anything depending on local sources. +Given the many interacting layers, it is important to decide which predicates are allowed to be mutually recursive in order to avoid non-monotonic recursion when negation is used to express the predicates. +As an example, we have defined local source as those which do not receive local flow. This means that the local flow relation is not allowed to be recursive with anything depending on local sources. -Some particular reatrictions to keep in mind: +Some particular restrictions to keep in mind: - Typetracking needs to use a local flow step not including summaries - Typetracking needs to use a call graph not including summaries diff --git a/python/ql/lib/semmle/python/ApiGraphs.qll b/python/ql/lib/semmle/python/ApiGraphs.qll index 450d949036d..c294e062f6d 100644 --- a/python/ql/lib/semmle/python/ApiGraphs.qll +++ b/python/ql/lib/semmle/python/ApiGraphs.qll @@ -211,7 +211,7 @@ module API { * Gets a node representing the `i`th parameter of the function represented by this node. * * This predicate may have multiple results when there are multiple invocations of this API component. - * Consider using `getAnInvocation()` if there is a need to distingiush between individual calls. + * Consider using `getAnInvocation()` if there is a need to distinguish between individual calls. */ Node getParameter(int i) { result = this.getASuccessor(Label::parameter(i)) } @@ -219,7 +219,7 @@ module API { * Gets the node representing the keyword parameter `name` of the function represented by this node. * * This predicate may have multiple results when there are multiple invocations of this API component. - * Consider using `getAnInvocation()` if there is a need to distingiush between individual calls. + * Consider using `getAnInvocation()` if there is a need to distinguish between individual calls. */ Node getKeywordParameter(string name) { result = this.getASuccessor(Label::keywordParameter(name)) @@ -249,6 +249,60 @@ module API { */ Node getASubscript() { result = this.getASuccessor(Label::subscript()) } + /** + * Gets a node representing an index of a subscript of this node. + * For example, in `obj[x]`, `x` is an index of `obj`. + */ + Node getIndex() { result = this.getASuccessor(Label::index()) } + + /** + * Gets a node representing a subscript of this node at (string) index `key`. + * This requires that the index can be statically determined. + * + * For example, the subscripts of `a` and `b` below would be found using + * the index `foo`: + * ```py + * a["foo"] + * x = "foo" if cond else "bar" + * b[x] + * ``` + */ + Node getSubscript(string key) { + exists(API::Node index | result = this.getSubscriptAt(index) | + key = index.getAValueReachingSink().asExpr().(PY::StrConst).getText() + ) + } + + /** + * Gets a node representing a subscript of this node at index `index`. + */ + Node getSubscriptAt(API::Node index) { + result = this.getASubscript() and + index = this.getIndex() and + ( + // subscripting + exists(PY::SubscriptNode subscript | + subscript.getObject() = this.getAValueReachableFromSource().asCfgNode() and + subscript.getIndex() = index.asSink().asCfgNode() + | + // reading + subscript = result.asSource().asCfgNode() + or + // writing + subscript.(PY::DefinitionNode).getValue() = result.asSink().asCfgNode() + ) + or + // dictionary literals + exists(PY::Dict dict, PY::KeyValuePair item | + dict = this.getAValueReachingSink().asExpr() and + dict.getItem(_) = item and + item.getKey() = index.asSink().asExpr() + | + item.getValue() = result.asSink().asExpr() + ) + ) + } + /** * Gets a string representation of the lexicographically least among all shortest access paths * from the root to this node. @@ -405,7 +459,7 @@ module API { Node builtin(string n) { result = moduleImport("builtins").getMember(n) } /** - * An `CallCfgNode` that is connected to the API graph. + * A `CallCfgNode` that is connected to the API graph. * * Can be used to reason about calls to an external API in which the correlation between * parameters and/or return values must be retained. @@ -694,12 +748,31 @@ module API { rhs = aw.getValue() ) or - // TODO: I had expected `DataFlow::AttrWrite` to contain the attribute writes from a dict, that's how JS works. + // dictionary literals exists(PY::Dict dict, PY::KeyValuePair item | dict = pred.(DataFlow::ExprNode).getNode().getNode() and - dict.getItem(_) = item and - lbl = Label::member(item.getKey().(PY::StrConst).getS()) and - rhs.(DataFlow::ExprNode).getNode().getNode() = item.getValue() + dict.getItem(_) = item + | + // from `x` to `{ "key": x }` + // TODO: once convenient, this should be done at a higher level than the AST, + // at least at the CFG layer, to take splitting into account. + rhs.(DataFlow::ExprNode).getNode().getNode() = item.getValue() and + lbl = Label::subscript() + or + // from `"key"` to `{ "key": x }` + // TODO: once convenient, this should be done at a higher level than the AST, + // at least at the CFG layer, to take splitting into account. + rhs.(DataFlow::ExprNode).getNode().getNode() = item.getKey() and + lbl = Label::index() + ) + or + // list literals, from `x` to `[x]` + // TODO: once convenient, this should be done at a higher level than the AST, + // at least at the CFG layer, to take splitting into account. + // Also consider `SequenceNode for generality. + exists(PY::List list | list = pred.(DataFlow::ExprNode).getNode().getNode() | + rhs.(DataFlow::ExprNode).getNode().getNode() = list.getAnElt() and + lbl = Label::subscript() ) or exists(PY::CallableExpr fn | fn = pred.(DataFlow::ExprNode).getNode().getNode() | @@ -720,6 +793,20 @@ module API { lbl = Label::memberFromRef(aw) ) or + // subscripting + exists(DataFlow::LocalSourceNode src, DataFlow::Node subscript, DataFlow::Node index | + use(base, src) and + subscript = trackUseNode(src).getSubscript(index) + | + // from `x` to a definition of `x[...]` + rhs.asCfgNode() = subscript.asCfgNode().(PY::DefinitionNode).getValue() and + lbl = Label::subscript() + or + // from `x` to `"key"` in `x["key"]` + rhs = index and + lbl = Label::index() + ) + or exists(EntryPoint entry | base = root() and lbl = Label::entryPoint(entry) and @@ -757,7 +844,8 @@ module API { or // Subscripting a node that is a use of `base` lbl = Label::subscript() and - ref = pred.getASubscript() + ref = pred.getSubscript(_) and + ref.asCfgNode().isLoad() or // Subclassing a node lbl = Label::subclass() and @@ -973,8 +1061,7 @@ module API { member = any(DataFlow::AttrRef pr).getAttributeName() or exists(Builtins::likelyBuiltin(member)) or ImportStar::namePossiblyDefinedInImportStar(_, member, _) or - Impl::prefix_member(_, member, _) or - member = any(PY::Dict d).getAnItem().(PY::KeyValuePair).getKey().(PY::StrConst).getS() + Impl::prefix_member(_, member, _) } or MkLabelUnknownMember() or MkLabelParameter(int i) { @@ -992,6 +1079,7 @@ module API { MkLabelSubclass() or MkLabelAwait() or MkLabelSubscript() or + MkLabelIndex() or MkLabelEntryPoint(EntryPoint ep) /** A label for a module. */ @@ -1072,6 +1160,11 @@ module API { override string toString() { result = "getASubscript()" } } + /** A label that gets the index of a subscript. */ + class LabelIndex extends ApiLabel, MkLabelIndex { + override string toString() { result = "getIndex()" } + } + /** A label for entry points. */ class LabelEntryPoint extends ApiLabel, MkLabelEntryPoint { private EntryPoint entry; @@ -1120,6 +1213,9 @@ module API { /** Gets the `subscript` edge label. */ LabelSubscript subscript() { any() } + /** Gets the `subscript` edge label. */ + LabelIndex index() { any() } + /** Gets the label going from the root node to the nodes associated with the given entry point. */ LabelEntryPoint entryPoint(EntryPoint ep) { result = MkLabelEntryPoint(ep) } } diff --git a/python/ql/lib/semmle/python/Constants.qll b/python/ql/lib/semmle/python/Constants.qll index 3faa6072acc..19e3e757989 100644 --- a/python/ql/lib/semmle/python/Constants.qll +++ b/python/ql/lib/semmle/python/Constants.qll @@ -7,7 +7,7 @@ int major_version() { explicit_major_version(result) or not explicit_major_version(_) and - /* If there is more than one version, prefer 2 for backwards compatibilty */ + /* If there is more than one version, prefer 2 for backwards compatibility */ (if py_flags_versioned("version.major", "2", "2") then result = 2 else result = 3) } diff --git a/python/ql/lib/semmle/python/Flow.qll b/python/ql/lib/semmle/python/Flow.qll index f3114c51417..e736749bba5 100644 --- a/python/ql/lib/semmle/python/Flow.qll +++ b/python/ql/lib/semmle/python/Flow.qll @@ -931,7 +931,7 @@ class NameConstantNode extends NameNode { } -/** A control flow node correspoinding to a starred expression, `*a`. */ +/** A control flow node corresponding to a starred expression, `*a`. */ class StarredNode extends ControlFlowNode { StarredNode() { toAst(this) instanceof Starred } diff --git a/python/ql/lib/semmle/python/Frameworks.qll b/python/ql/lib/semmle/python/Frameworks.qll index 6cf4044157b..eab33a03ed7 100644 --- a/python/ql/lib/semmle/python/Frameworks.qll +++ b/python/ql/lib/semmle/python/Frameworks.qll @@ -12,6 +12,7 @@ private import semmle.python.frameworks.Asyncpg private import semmle.python.frameworks.ClickhouseDriver private import semmle.python.frameworks.Cryptodome private import semmle.python.frameworks.Cryptography +private import semmle.python.frameworks.Cx_Oracle private import semmle.python.frameworks.data.ModelsAsData private import semmle.python.frameworks.Dill private import semmle.python.frameworks.Django @@ -33,11 +34,15 @@ private import semmle.python.frameworks.MarkupSafe private import semmle.python.frameworks.Multidict private import semmle.python.frameworks.Mysql private import semmle.python.frameworks.MySQLdb +private import semmle.python.frameworks.Oracledb private import semmle.python.frameworks.Peewee +private import semmle.python.frameworks.Phoenixdb private import semmle.python.frameworks.Psycopg2 private import semmle.python.frameworks.Pycurl private import semmle.python.frameworks.Pydantic +private import semmle.python.frameworks.Pymssql private import semmle.python.frameworks.PyMySQL +private import semmle.python.frameworks.Pyodbc private import semmle.python.frameworks.Requests private import semmle.python.frameworks.RestFramework private import semmle.python.frameworks.Rsa @@ -51,6 +56,6 @@ private import semmle.python.frameworks.Tornado private import semmle.python.frameworks.Twisted private import semmle.python.frameworks.Ujson private import semmle.python.frameworks.Urllib3 +private import semmle.python.frameworks.Xmltodict private import semmle.python.frameworks.Yaml private import semmle.python.frameworks.Yarl -private import semmle.python.frameworks.Xmltodict diff --git a/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll b/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll index 23bddd347b3..63b0f9c733b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll +++ b/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll @@ -1,5 +1,5 @@ /** - * Provides an extension point for for modeling user-controlled data. + * Provides an extension point for modeling user-controlled data. * Such data is often used as data-flow sources in security queries. */ diff --git a/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll b/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll index be51b99b4c0..65d334f1c38 100644 --- a/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll +++ b/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll @@ -1,5 +1,5 @@ /** - * Provides an extension point for for modeling sensitive data, such as secrets, certificates, or passwords. + * Provides an extension point for modeling sensitive data, such as secrets, certificates, or passwords. * Sensitive data can be interesting to use as data-flow sources in security queries. */ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll index 09ba8238155..0efae6ae45c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatchPointsTo.qll @@ -205,12 +205,12 @@ module ArgumentPassing { result = TCfgNode(call.getArgByName(unbind_string(argName))) ) or - // a synthezised argument passed to the starred parameter (at position -1) + // a synthesized argument passed to the starred parameter (at position -1) callable.getScope().hasVarArg() and paramN = -1 and result = TPosOverflowNode(call, callable) or - // a synthezised argument passed to the doubly starred parameter (at position -2) + // a synthesized argument passed to the doubly starred parameter (at position -2) callable.getScope().hasKwArg() and paramN = -2 and result = TKwOverflowNode(call, callable) @@ -769,7 +769,7 @@ DataFlowCallable viableCallable(ExtractedDataFlowCall call) { // A call to a library callable with a flow summary // In this situation we can not resolve the callable from the call, // as that would make data flow depend on type tracking. - // Instead we reolve the call from the summary. + // Instead we resolve the call from the summary. exists(LibraryCallable callable | result = TLibraryCallable(callable) and call.getNode() = callable.getACall().getNode() diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll index 9053019a6d0..b5631b26b0b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll index 9053019a6d0..b5631b26b0b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll index be44f39f13c..6f1396518aa 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll @@ -453,13 +453,15 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) { jumpStepSharedWithTypeTracker(nodeFrom, nodeTo) or jumpStepNotSharedWithTypeTracker(nodeFrom, nodeTo) + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(nodeFrom, nodeTo) } /** * Set of jumpSteps that are shared with type-tracker implementation. * * For ORM modeling we want to add jumpsteps to global dataflow, but since these are - * based on type-trackers, it's important that these new ORM jumsteps are not used in + * based on type-trackers, it's important that these new ORM jumpsteps are not used in * the type-trackers as well, as that would make evaluation of type-tracking recursive * with the new jumpsteps. * @@ -485,7 +487,7 @@ predicate jumpStepSharedWithTypeTracker(Node nodeFrom, Node nodeTo) { * Set of jumpSteps that are NOT shared with type-tracker implementation. * * For ORM modeling we want to add jumpsteps to global dataflow, but since these are - * based on type-trackers, it's important that these new ORM jumsteps are not used in + * based on type-trackers, it's important that these new ORM jumpsteps are not used in * the type-trackers as well, as that would make evaluation of type-tracking recursive * with the new jumpsteps. * @@ -668,7 +670,7 @@ predicate attributeStoreStep(Node nodeFrom, AttributeContent c, PostUpdateNode n } /** - * Holds if `nodeFrom` flows into the synthezised positional overflow argument (`nodeTo`) + * Holds if `nodeFrom` flows into the synthesized positional overflow argument (`nodeTo`) * at the position indicated by `c`. */ predicate posOverflowStoreStep(CfgNode nodeFrom, TupleElementContent c, Node nodeTo) { @@ -680,7 +682,7 @@ predicate posOverflowStoreStep(CfgNode nodeFrom, TupleElementContent c, Node nod } /** - * Holds if `nodeFrom` flows into the synthezised keyword overflow argument (`nodeTo`) + * Holds if `nodeFrom` flows into the synthesized keyword overflow argument (`nodeTo`) * at the key indicated by `c`. */ predicate kwOverflowStoreStep(CfgNode nodeFrom, DictionaryElementContent c, Node nodeTo) { @@ -814,7 +816,7 @@ predicate attributeReadStep(Node nodeFrom, AttributeContent c, AttrRead nodeTo) /** * Holds if `nodeFrom` is a dictionary argument being unpacked and `nodeTo` is the - * synthezised unpacked argument with the name indicated by `c`. + * synthesized unpacked argument with the name indicated by `c`. */ predicate kwUnpackReadStep(CfgNode nodeFrom, DictionaryElementContent c, Node nodeTo) { exists(CallNode call, CallableValue callable, string name | diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll index a13c7cd1224..275569b4c02 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -871,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -894,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll index 2f12e3a03d9..056ed02a874 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll @@ -12,15 +12,15 @@ * * Having both extracted and non-extracted callables means that we now have three types of calls: * - Extracted calls to extracted callables, either `NormalCall` or `SpecialCall`. These are handled by standard data flow. - * - Extracted calls to non-extracted callables, `LibraryCall`. These are handled by loking up the relevant summary when the - * global data flwo graph is connected up via `getViableCallable`. + * - Extracted calls to non-extracted callables, `LibraryCall`. These are handled by looking up the relevant summary when the + * global data flow graph is connected up via `getViableCallable`. * - Non-extracted calls, `SummaryCall`. These are synthesised by the flow summary framework. * * The first two can be referred to as `ExtractedDataFlowCall`. In fact, `LibraryCall` is a subclass of `NormalCall`, where * `getCallable` is set to `none()`. The member predicate `ExtractedDataFlowCall::getCallable` is _not_ the mechanism for * call resolution in global data flow. That mechanism is `getViableCallable`. * Resolving a call to a non-extracted callable goes via `LibraryCallable::getACall`, which may involve type tracking. - * To avoid that type tracking becomes mutualy recursive with data flow, type tracking must use a call graph not including summaries. + * To avoid that type tracking becomes mutually recursive with data flow, type tracking must use a call graph not including summaries. * Type tracking sees the callgraph given by `ExtractedDataFlowCall::getACallable`. * * We do not support summaries of special methods via the special methods framework, @@ -73,6 +73,9 @@ DataFlowType getCallbackParameterType(DataFlowType t, int i) { any() } */ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } + /** * Holds if an external flow summary exists for `c` with input specification * `input`, output specification `output`, kind `kind`, and a flag `generated` diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll index f576529e3c6..c0c62e80315 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll @@ -52,14 +52,14 @@ * Note that an empty access path means that the value we are tracking flows directly to the element. * * - * The `TIterableSequence(sequence)` is at this point superflous but becomes useful when handling recursive + * The `TIterableSequence(sequence)` is at this point superfluous but becomes useful when handling recursive * structures in the LHS, where `sequence` is some internal sequence node. We can have a uniform treatment * by always having these two synthetic nodes. So we transfer to (or, in the recursive case, read into) * `TIterableSequence(sequence)`, from which we take a read step to `TIterableElement(sequence)` and then a * store step to `sequence`. * * This allows the unknown content from the RHS to be read into `TIterableElement(sequence)` and tuple content - * to then be stored into `sequence`. If the content is already tuple content, this inderection creates crosstalk + * to then be stored into `sequence`. If the content is already tuple content, this indirection creates crosstalk * between indices. Therefore, tuple content is never read into `TIterableElement(sequence)`; it is instead * transferred directly from `TIterableSequence(sequence)` to `sequence` via a flow step. Such a flow step will * also transfer other content, but only tuple content is further read from `sequence` into its elements. diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll index dfd4a40ff99..72ea5d95310 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll @@ -104,7 +104,7 @@ class LocalSourceNode extends Node { /** * Gets a subscript of this node. */ - Node getASubscript() { Cached::subscript(this, result) } + Node getSubscript(Node index) { Cached::subscript(this, result, index) } /** * Gets a call to the method `methodName` on this node. @@ -185,7 +185,7 @@ private module Cached { /** * Holds if `source` is a `LocalSourceNode` that can reach `sink` via local flow steps. * - * The slightly backwards parametering ordering is to force correct indexing. + * The slightly backwards parameter ordering is to force correct indexing. */ cached predicate hasLocalSource(Node sink, LocalSourceNode source) { @@ -249,13 +249,14 @@ private module Cached { } /** - * Holds if `node` flows to a sequence/mapping of which `subscript` is a subscript. + * Holds if `node` flows to a sequence/mapping of which `subscript` is a subscript with index/key `index`. */ cached - predicate subscript(LocalSourceNode node, CfgNode subscript) { + predicate subscript(LocalSourceNode node, CfgNode subscript, CfgNode index) { exists(CfgNode seq, SubscriptNode subscriptNode | subscriptNode = subscript.getNode() | node.flowsTo(seq) and - seq.getNode() = subscriptNode.getObject() + seq.getNode() = subscriptNode.getObject() and + index.getNode() = subscriptNode.getIndex() ) } } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll index 1ada143a475..52807799c2c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll @@ -186,7 +186,7 @@ private module Cached { jumpStep(nodeFrom, nodeTo) and summary = JumpStep() or - levelStep(nodeFrom, nodeTo) and + levelStepNoCall(nodeFrom, nodeTo) and summary = LevelStep() or exists(TypeTrackerContent content | @@ -216,6 +216,9 @@ private module Cached { or returnStep(nodeFrom, nodeTo) and summary = ReturnStep() + or + levelStepCall(nodeFrom, nodeTo) and + summary = LevelStep() } } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll index 05ad3cbdd7d..690216089e9 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll @@ -45,8 +45,11 @@ predicate simpleLocalFlowStep = DataFlowPrivate::simpleLocalFlowStepForTypetrack predicate jumpStep = DataFlowPrivate::jumpStepSharedWithTypeTracker/2; -/** Holds if there is a level step from `pred` to `succ`. */ -predicate levelStep(Node pred, Node succ) { none() } +/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */ +predicate levelStepCall(Node nodeFrom, Node nodeTo) { none() } + +/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which does not depend on the call graph. */ +predicate levelStepNoCall(Node nodeFrom, Node nodeTo) { none() } /** * Gets the name of a possible piece of content. For Python, this is currently only attribute names, diff --git a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll index 796dc743478..76510b5f712 100644 --- a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll +++ b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll @@ -250,7 +250,7 @@ class TaintTrackingImplementation extends string { } /** - * Hold if taint flows to `src` to `(node, context, path, kind)` in a single step, labelled with `egdeLabel` with this configuration. + * Hold if taint flows to `src` to `(node, context, path, kind)` in a single step, labelled with `edgeLabel` with this configuration. * `edgeLabel` is purely informative. */ predicate flowStep( diff --git a/python/ql/lib/semmle/python/frameworks/Aioch.qll b/python/ql/lib/semmle/python/frameworks/Aioch.qll index 8595a708fb7..ac22bef6dde 100644 --- a/python/ql/lib/semmle/python/frameworks/Aioch.qll +++ b/python/ql/lib/semmle/python/frameworks/Aioch.qll @@ -31,7 +31,7 @@ module Aioch { } /** - * A call to any of the the execute methods on a `aioch.Client`, which are just async + * A call to any of the execute methods on a `aioch.Client`, which are just async * versions of the methods in the `clickhouse-driver` PyPI package. * * See diff --git a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll index 2557b544ee1..bf361083867 100644 --- a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll +++ b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll @@ -45,7 +45,7 @@ module AiohttpWebModel { } /** Gets a reference to an `aiohttp.web.UrlDispatcher` instance. */ - API::Node urlDispathcerInstance() { + API::Node urlDispatcherInstance() { result = API::moduleImport("aiohttp").getMember("web").getMember("UrlDispatcher").getReturn() or result = applicationInstance().getMember("router") @@ -170,7 +170,7 @@ module AiohttpWebModel { funcName = "route" and routeArgsStart = 1 | - this = urlDispathcerInstance().getMember("add_" + funcName).getACall() + this = urlDispatcherInstance().getMember("add_" + funcName).getACall() or this = API::moduleImport("aiohttp").getMember("web").getMember(funcName).getACall() ) @@ -621,15 +621,12 @@ module AiohttpWebModel { DataFlow::Node value; AiohttpResponseCookieSubscriptWrite() { - exists(SubscriptNode subscript | + exists(API::Node i | + value = aiohttpResponseInstance().getMember("cookies").getSubscriptAt(i).asSink() and + index = i.asSink() and // To give `this` a value, we need to choose between either LHS or RHS, - // and just go with the LHS - this.asCfgNode() = subscript - | - subscript.getObject() = - aiohttpResponseInstance().getMember("cookies").getAValueReachableFromSource().asCfgNode() and - value.asCfgNode() = subscript.(DefinitionNode).getValue() and - index.asCfgNode() = subscript.getIndex() + // and just go with the RHS as it is readily available + this = value ) } diff --git a/python/ql/lib/semmle/python/frameworks/Aiopg.qll b/python/ql/lib/semmle/python/frameworks/Aiopg.qll index 053d59df51a..979f7edb94f 100644 --- a/python/ql/lib/semmle/python/frameworks/Aiopg.qll +++ b/python/ql/lib/semmle/python/frameworks/Aiopg.qll @@ -98,10 +98,10 @@ private module Aiopg { * See https://aiopg.readthedocs.io/en/stable/sa.html#aiopg.sa.SAConnection.execute */ class AwaitedSAConnectionExecuteCall extends SqlExecution::Range { - SAConnectionExecuteCall excute; + SAConnectionExecuteCall execute; - AwaitedSAConnectionExecuteCall() { this = excute.getReturn().getAwaited().asSource() } + AwaitedSAConnectionExecuteCall() { this = execute.getReturn().getAwaited().asSource() } - override DataFlow::Node getSql() { result = excute.getSql() } + override DataFlow::Node getSql() { result = execute.getSql() } } } diff --git a/python/ql/lib/semmle/python/frameworks/ClickhouseDriver.qll b/python/ql/lib/semmle/python/frameworks/ClickhouseDriver.qll index c46e8d060a9..035b30620bc 100644 --- a/python/ql/lib/semmle/python/frameworks/ClickhouseDriver.qll +++ b/python/ql/lib/semmle/python/frameworks/ClickhouseDriver.qll @@ -50,7 +50,7 @@ module ClickhouseDriver { string getExecuteMethodName() { result in ["execute_with_progress", "execute", "execute_iter"] } /** - * A call to any of the the execute methods on a `clickhouse_driver.Client` method + * A call to any of the execute methods on a `clickhouse_driver.Client` method * * See * - https://clickhouse-driver.readthedocs.io/en/latest/api.html#clickhouse_driver.Client.execute diff --git a/python/ql/lib/semmle/python/frameworks/Cryptography.qll b/python/ql/lib/semmle/python/frameworks/Cryptography.qll index 021da3ef0a0..d3e03083c09 100644 --- a/python/ql/lib/semmle/python/frameworks/Cryptography.qll +++ b/python/ql/lib/semmle/python/frameworks/Cryptography.qll @@ -14,7 +14,7 @@ private import semmle.python.ApiGraphs */ private module CryptographyModel { /** - * Provides helper predicates for the eliptic curve cryptography parts in + * Provides helper predicates for the elliptic curve cryptography parts in * `cryptography.hazmat.primitives.asymmetric.ec`. */ module Ecc { diff --git a/python/ql/lib/semmle/python/frameworks/Cx_Oracle.qll b/python/ql/lib/semmle/python/frameworks/Cx_Oracle.qll new file mode 100644 index 00000000000..da5d0b07ed4 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Cx_Oracle.qll @@ -0,0 +1,31 @@ +/** + * Provides classes modeling security-relevant aspects of the `cx_Oracle` PyPI package. + * + * See + * - https://github.com/oracle/python-cx_Oracle + * - https://pypi.org/project/cx-Oracle/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.RemoteFlowSources +private import semmle.python.Concepts +private import semmle.python.ApiGraphs +private import semmle.python.frameworks.PEP249 + +/** + * Provides models for the `cx_Oracle` PyPI package. + * + * See + * - https://github.com/oracle/python-cx_Oracle + * - https://pypi.org/project/cx-Oracle/ + */ +private module Cx_Oracle { + /** + * A model for Cx_Oracle as a module that implements PEP 249, providing ways to execute SQL statements + * against a database. + */ + class Cx_Oracle extends PEP249::PEP249ModuleApiNode { + Cx_Oracle() { this = API::moduleImport("cx_Oracle") } + } +} diff --git a/python/ql/lib/semmle/python/frameworks/Mysql.qll b/python/ql/lib/semmle/python/frameworks/Mysql.qll index b61037ff62a..5f5d9bb35d5 100644 --- a/python/ql/lib/semmle/python/frameworks/Mysql.qll +++ b/python/ql/lib/semmle/python/frameworks/Mysql.qll @@ -21,17 +21,11 @@ private import semmle.python.frameworks.PEP249 * - https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html */ private module Mysql { - // --------------------------------------------------------------------------- - // mysql - // --------------------------------------------------------------------------- - /** Provides models for the `mysql` module. */ - module MysqlMod { - /** - * The mysql.connector module - * See https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html - */ - class MysqlConnector extends PEP249::PEP249ModuleApiNode { - MysqlConnector() { this = API::moduleImport("mysql").getMember("connector") } - } + /** + * The mysql.connector module + * See https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html + */ + class MysqlConnector extends PEP249::PEP249ModuleApiNode { + MysqlConnector() { this = API::moduleImport("mysql").getMember("connector") } } } diff --git a/python/ql/lib/semmle/python/frameworks/Oracledb.qll b/python/ql/lib/semmle/python/frameworks/Oracledb.qll new file mode 100644 index 00000000000..a8aa369f903 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Oracledb.qll @@ -0,0 +1,31 @@ +/** + * Provides classes modeling security-relevant aspects of the `oracledb` PyPI package. + * + * See + * - https://python-oracledb.readthedocs.io/en/latest/index.html + * - https://pypi.org/project/oracledb/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.RemoteFlowSources +private import semmle.python.Concepts +private import semmle.python.ApiGraphs +private import semmle.python.frameworks.PEP249 + +/** + * Provides models for the `oracledb` PyPI package. + * + * See + * - https://python-oracledb.readthedocs.io/en/latest/index.html + * - https://pypi.org/project/oracledb/ + */ +private module Oracledb { + /** + * A model for oracledb as a module that implements PEP 249, providing ways to execute SQL statements + * against a database. + */ + class Oracledb extends PEP249::PEP249ModuleApiNode { + Oracledb() { this = API::moduleImport("oracledb") } + } +} diff --git a/python/ql/lib/semmle/python/frameworks/Phoenixdb.qll b/python/ql/lib/semmle/python/frameworks/Phoenixdb.qll new file mode 100644 index 00000000000..0158f6998af --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Phoenixdb.qll @@ -0,0 +1,31 @@ +/** + * Provides classes modeling security-relevant aspects of the `phoenixdb` PyPI package. + * + * See + * - https://github.com/apache/phoenix-queryserver/tree/master/python-phoenixdb + * - https://pypi.org/project/phoenixdb/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.RemoteFlowSources +private import semmle.python.Concepts +private import semmle.python.ApiGraphs +private import semmle.python.frameworks.PEP249 + +/** + * Provides models for the `phoenixdb` PyPI package. + * + * See + * - https://github.com/apache/phoenix-queryserver/tree/master/python-phoenixdb + * - https://pypi.org/project/phoenixdb/ + */ +private module Phoenixdb { + /** + * A model for Phoenixdb as a module that implements PEP 249, providing ways to execute SQL statements + * against a database. + */ + class Phoenixdb extends PEP249::PEP249ModuleApiNode { + Phoenixdb() { this = API::moduleImport("phoenixdb") } + } +} diff --git a/python/ql/lib/semmle/python/frameworks/Pydantic.qll b/python/ql/lib/semmle/python/frameworks/Pydantic.qll index f2d86cf381d..b495ef0b93e 100644 --- a/python/ql/lib/semmle/python/frameworks/Pydantic.qll +++ b/python/ql/lib/semmle/python/frameworks/Pydantic.qll @@ -65,7 +65,7 @@ module Pydantic { * NOTE: We currently overapproximate, and treat all attributes as containing * another pydantic model. For the code below, we _could_ limit this to `main_foo` * and members of `other_foos`. IF THIS IS CHANGED, YOU MUST CHANGE THE ADDITIONAL - * TAINT STEPS BELOW, SUCH THAT SIMPLE ACCESS OF SOMETHIGN LIKE `str` IS STILL + * TAINT STEPS BELOW, SUCH THAT SIMPLE ACCESS OF SOMETHING LIKE `str` IS STILL * TAINTED. * * diff --git a/python/ql/lib/semmle/python/frameworks/Pymssql.qll b/python/ql/lib/semmle/python/frameworks/Pymssql.qll new file mode 100644 index 00000000000..263963f5cc8 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Pymssql.qll @@ -0,0 +1,25 @@ +/** + * Provides classes modeling security-relevant aspects of the `pymssql` PyPI package. + * See https://pypi.org/project/pymssql/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.RemoteFlowSources +private import semmle.python.Concepts +private import semmle.python.ApiGraphs +private import semmle.python.frameworks.PEP249 + +/** + * Provides models for the `pymssql` PyPI package. + * See https://pypi.org/project/pymssql/ + */ +private module Pymssql { + /** + * A model of `pymssql` as a module that implements PEP 249, providing ways to execute SQL statements + * against a database. + */ + class PymssqlPEP249 extends PEP249::PEP249ModuleApiNode { + PymssqlPEP249() { this = API::moduleImport("pymssql") } + } +} diff --git a/python/ql/lib/semmle/python/frameworks/Pyodbc.qll b/python/ql/lib/semmle/python/frameworks/Pyodbc.qll new file mode 100644 index 00000000000..75f235df884 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/Pyodbc.qll @@ -0,0 +1,31 @@ +/** + * Provides classes modeling security-relevant aspects of the `pyodbc` PyPI package. + * + * See + * - https://github.com/mkleehammer/pyodbc/wiki + * - https://pypi.org/project/pyodbc/ + */ + +private import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.dataflow.new.RemoteFlowSources +private import semmle.python.Concepts +private import semmle.python.ApiGraphs +private import semmle.python.frameworks.PEP249 + +/** + * Provides models for the `pyodbc` PyPI package. + * + * See + * - https://github.com/mkleehammer/pyodbc/wiki + * - https://pypi.org/project/pyodbc/ + */ +private module Pyodbc { + /** + * A model for Pyodbc as a module that implements PEP 249, providing ways to execute SQL statements + * against a database. + */ + class Pyodbc extends PEP249::PEP249ModuleApiNode { + Pyodbc() { this = API::moduleImport("pyodbc") } + } +} diff --git a/python/ql/lib/semmle/python/frameworks/Requests.qll b/python/ql/lib/semmle/python/frameworks/Requests.qll index d32860b177e..5f3b344c45c 100644 --- a/python/ql/lib/semmle/python/frameworks/Requests.qll +++ b/python/ql/lib/semmle/python/frameworks/Requests.qll @@ -113,7 +113,7 @@ private module Requests { ClassInstantiation() { this = classRef().getACall() } } - /** Return value from making a reuqest. */ + /** Return value from making a request. */ private class RequestReturnValue extends InstanceSource, DataFlow::Node { RequestReturnValue() { this = any(OutgoingRequestCall c) } } diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index 04c5ddc446d..f5d6dd8df1c 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -2403,7 +2403,7 @@ private module StdlibPrivate { /** * Gets a name of a constructor for a `pathlib.Path` object. - * We include the pure paths, as they can be "exported" (say with `as_posix`) and then used to acces the underlying file system. + * We include the pure paths, as they can be "exported" (say with `as_posix`) and then used to access the underlying file system. */ private string pathlibPathConstructor() { result in ["Path", "PurePath", "PurePosixPath", "PureWindowsPath", "PosixPath", "WindowsPath"] @@ -2510,11 +2510,11 @@ private module StdlibPrivate { /** A file system access from a `pathlib.Path` method call. */ private class PathlibFileAccess extends FileSystemAccess::Range, DataFlow::CallCfgNode { DataFlow::AttrRead fileAccess; - string attrbuteName; + string attributeName; PathlibFileAccess() { - attrbuteName = fileAccess.getAttributeName() and - attrbuteName in [ + attributeName = fileAccess.getAttributeName() and + attributeName in [ "stat", "chmod", "exists", "expanduser", "glob", "group", "is_dir", "is_file", "is_mount", "is_symlink", "is_socket", "is_fifo", "is_block_device", "is_char_device", "iter_dir", "lchmod", "lstat", "mkdir", "open", "owner", "read_bytes", "read_text", "readlink", @@ -2530,14 +2530,14 @@ private module StdlibPrivate { /** A file system write from a `pathlib.Path` method call. */ private class PathlibFileWrites extends PathlibFileAccess, FileSystemWriteAccess::Range { - PathlibFileWrites() { attrbuteName in ["write_bytes", "write_text"] } + PathlibFileWrites() { attributeName in ["write_bytes", "write_text"] } override DataFlow::Node getADataNode() { result in [this.getArg(0), this.getArgByName("data")] } } /** A call to the `open` method on a `pathlib.Path` instance. */ private class PathLibOpenCall extends PathlibFileAccess, Stdlib::FileLikeObject::InstanceSource { - PathLibOpenCall() { attrbuteName = "open" } + PathLibOpenCall() { attributeName = "open" } } /** @@ -2549,7 +2549,7 @@ private module StdlibPrivate { * - https://docs.python.org/3/library/pathlib.html#pathlib.Path.symlink_to */ private class PathLibLinkToCall extends PathlibFileAccess, API::CallNode { - PathLibLinkToCall() { attrbuteName in ["link_to", "hardlink_to", "symlink_to"] } + PathLibLinkToCall() { attributeName in ["link_to", "hardlink_to", "symlink_to"] } override DataFlow::Node getAPathArgument() { result = super.getAPathArgument() @@ -2566,7 +2566,7 @@ private module StdlibPrivate { * - https://docs.python.org/3/library/pathlib.html#pathlib.Path.rename */ private class PathLibReplaceCall extends PathlibFileAccess, API::CallNode { - PathLibReplaceCall() { attrbuteName in ["replace", "rename"] } + PathLibReplaceCall() { attributeName in ["replace", "rename"] } override DataFlow::Node getAPathArgument() { result = super.getAPathArgument() @@ -2581,7 +2581,7 @@ private module StdlibPrivate { * See https://docs.python.org/3/library/pathlib.html#pathlib.Path.samefile */ private class PathLibSameFileCall extends PathlibFileAccess, API::CallNode { - PathLibSameFileCall() { attrbuteName = "samefile" } + PathLibSameFileCall() { attributeName = "samefile" } override DataFlow::Node getAPathArgument() { result = super.getAPathArgument() @@ -2720,7 +2720,7 @@ private module StdlibPrivate { /** * A hashing operation from the `hashlib` package using one of the predefined classes - * (such as `hashlib.md5`), by calling its' `update` mehtod. + * (such as `hashlib.md5`), by calling its' `update` method. */ class HashlibHashClassUpdateCall extends HashlibGenericHashOperation { HashlibHashClassUpdateCall() { this = hashClass.getReturn().getMember("update").getACall() } diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib/Urllib2.qll b/python/ql/lib/semmle/python/frameworks/Stdlib/Urllib2.qll index 7fc9e5ea468..d440b1852c9 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib/Urllib2.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib/Urllib2.qll @@ -10,7 +10,7 @@ private import semmle.python.Concepts private import semmle.python.ApiGraphs /** - * Provides models for the the `urllib2` module, part of + * Provides models for the `urllib2` module, part of * the Python 2 standard library. * * See https://docs.python.org/2/library/urllib2.html diff --git a/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll b/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll index 5feaa7f61da..bf63bbb3731 100644 --- a/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll +++ b/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll @@ -146,7 +146,7 @@ module PEP249 { * Note: while `execute` method on a connection is not part of PEP249, if it is used, we * recognize it as an alias for constructing a cursor and calling `execute` on it. * - * See https://www.python.org/dev/peps/pep-0249/#id15. + * See https://peps.python.org/pep-0249/#execute. */ private DataFlow::TypeTrackingNode execute(DataFlow::TypeTracker t) { t.startInAttr("execute") and @@ -161,14 +161,44 @@ module PEP249 { * Note: while `execute` method on a connection is not part of PEP249, if it is used, we * recognize it as an alias for constructing a cursor and calling `execute` on it. * - * See https://www.python.org/dev/peps/pep-0249/#id15. + * See https://peps.python.org/pep-0249/#execute. */ DataFlow::Node execute() { execute(DataFlow::TypeTracker::end()).flowsTo(result) } - /** A call to the `execute` method on a cursor (or on a connection). */ + /** + * A call to the `execute` method on a cursor or a connection. + * + * See https://peps.python.org/pep-0249/#execute + * + * Note: While `execute` method on a connection is not part of PEP249, if it is used, we + * recognize it as an alias for constructing a cursor and calling `execute` on it. + */ private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode { ExecuteCall() { this.getFunction() = execute() } override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] } } + + private DataFlow::TypeTrackingNode executemany(DataFlow::TypeTracker t) { + t.startInAttr("executemany") and + result in [Cursor::instance(), Connection::instance()] + or + exists(DataFlow::TypeTracker t2 | result = executemany(t2).track(t2, t)) + } + + private DataFlow::Node executemany() { executemany(DataFlow::TypeTracker::end()).flowsTo(result) } + + /** + * A call to the `executemany` method on a cursor or a connection. + * + * See https://peps.python.org/pep-0249/#executemany + * + * Note: While `executemany` method on a connection is not part of PEP249, if it is used, we + * recognize it as an alias for constructing a cursor and calling `executemany` on it. + */ + private class ExecutemanyCall extends SqlExecution::Range, DataFlow::CallCfgNode { + ExecutemanyCall() { this.getFunction() = executemany() } + + override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] } + } } diff --git a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll index 65125d20f80..f077eb3ba65 100644 --- a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll +++ b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll @@ -68,9 +68,9 @@ private module NotExposed { // modeling. See https://github.com/github/codeql/pull/5632 for more discussion. // // - bindingset[fullyQaulified] - string fullyQualifiedToApiGraphPath(string fullyQaulified) { - result = "moduleImport(\"" + fullyQaulified.replaceAll(".", "\").getMember(\"") + "\")" + bindingset[fullyQualified] + string fullyQualifiedToApiGraphPath(string fullyQualified) { + result = "moduleImport(\"" + fullyQualified.replaceAll(".", "\").getMember(\"") + "\")" } /** DEPRECATED: Alias for fullyQualifiedToApiGraphPath */ diff --git a/python/ql/lib/semmle/python/objects/ObjectAPI.qll b/python/ql/lib/semmle/python/objects/ObjectAPI.qll index f47244a74c2..6adbd93c940 100644 --- a/python/ql/lib/semmle/python/objects/ObjectAPI.qll +++ b/python/ql/lib/semmle/python/objects/ObjectAPI.qll @@ -324,7 +324,7 @@ module Value { Value none_() { result = ObjectInternal::none_() } /** - * Shorcuts added by the `site` module to exit your interactive session. + * Shortcuts added by the `site` module to exit your interactive session. * * see https://docs.python.org/3/library/constants.html#constants-added-by-the-site-module */ diff --git a/python/ql/lib/semmle/python/pointsto/PointsTo.qll b/python/ql/lib/semmle/python/pointsto/PointsTo.qll index 7d0319a82c9..a5732e3bbd4 100644 --- a/python/ql/lib/semmle/python/pointsto/PointsTo.qll +++ b/python/ql/lib/semmle/python/pointsto/PointsTo.qll @@ -1177,7 +1177,7 @@ module InterProceduralPointsTo { ) } - /** Holds if the named `argument` given the context `caller` is transferred to the parameter `param` with conntext `callee` by a call. */ + /** Holds if the named `argument` given the context `caller` is transferred to the parameter `param` with context `callee` by a call. */ cached predicate named_argument_transfer( ControlFlowNode argument, PointsToContext caller, ParameterDefinition param, diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 6e316264ebc..247a39701d0 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -283,7 +283,7 @@ abstract class RegexString extends Expr { /** * Helper predicate for `escapingChar`. - * In order to avoid negative recusrion, we return a boolean. + * In order to avoid negative recursion, we return a boolean. * This way, we can refer to `escaping(pos - 1).booleanNot()` * rather than to a negated version of `escaping(pos)`. */ diff --git a/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll b/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll index ed06bfbe798..95bfbeeeb5d 100644 --- a/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll +++ b/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about bad tag filter vulnerabilities. + * Provides predicates for reasoning about bad tag filter vulnerabilities. */ import regexp.RegexpMatching @@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) { regexp.matches("") and exists(int a, int b | a != b | regexp.fillsCaptureGroup("", a) and - // might be ambigously parsed (matching both capture groups), and that is ok here. + // might be ambiguously parsed (matching both capture groups), and that is ok here. regexp.fillsCaptureGroup("", b) and not regexp.fillsCaptureGroup("", a) and msg = diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll index c69762e01b9..3975985fce1 100644 --- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll @@ -28,7 +28,7 @@ class Configuration extends TaintTracking::Configuration { } // A stack trace is accessible as the `__traceback__` attribute of a caught exception. - // seehttps://docs.python.org/3/reference/datamodel.html#traceback-objects + // see https://docs.python.org/3/reference/datamodel.html#traceback-objects override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { exists(DataFlow::AttrRead attr | attr.getAttributeName() = "__traceback__" | nodeFrom = attr.getObject() and diff --git a/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll b/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll index d006837466b..4a608890249 100644 --- a/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll +++ b/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll @@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat // // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`. - // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, + // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`, // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. r1 = r2 and q1 = q2 and diff --git a/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll b/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll index 5112bdad11e..a6e4db6764e 100644 --- a/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll +++ b/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll @@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) { /** * A lookahead/lookbehind that matches the empty string. */ -class EmptyPositiveSubPatttern extends RegExpSubPattern { - EmptyPositiveSubPatttern() { +class EmptyPositiveSubPattern extends RegExpSubPattern { + EmptyPositiveSubPattern() { ( this instanceof RegExpPositiveLookahead or @@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern { } } +/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */ +deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern; + /** * A branch in a disjunction that is the root node in a literal, or a literal * whose root node is not a disjunction. @@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) { } /** - * Gets a string reperesentation of the flags used with the regular expression. + * Gets a string representation of the flags used with the regular expression. * Only the flags that are relevant for the canonicalization are included. */ string getCanonicalizationFlags(RegExpTerm root) { @@ -334,7 +337,7 @@ private module CharacterClasses { ) } - private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) } + private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) } private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) } @@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) { lbl = Epsilon() and q2 = Accept(getRoot(dollar)) ) or - exists(EmptyPositiveSubPatttern empty | q1 = before(empty) | - lbl = Epsilon() and q2 = after(empty) - ) + exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty)) } /** @@ -1028,7 +1029,7 @@ module ReDoSPruning { * as the suffix "X" will cause both the regular expressions to be rejected. * * The string `w` is repeated any number of times because it needs to be - * infinitely repeatedable for the attack to work. + * infinitely repeatable for the attack to work. * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes. */ diff --git a/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll b/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll index 863c8ecd8ea..70ed5bcedad 100644 --- a/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll +++ b/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll @@ -6,7 +6,7 @@ import python import semmle.python.RegexTreeView /** - * Holds if `term` is an ecape class representing e.g. `\d`. + * Holds if `term` is an escape class representing e.g. `\d`. * `clazz` is which character class it represents, e.g. "d" for `\d`. */ predicate isEscapeClass(RegExpTerm term, string clazz) { diff --git a/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll b/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll index 07dbc41957f..e2c75ff980b 100644 --- a/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll +++ b/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about which strings are matched by a regular expression, + * Provides predicates for reasoning about which strings are matched by a regular expression, * and for testing which capture groups are filled when a particular regexp matches a string. */ diff --git a/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll b/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll index c818e89ffa6..14a69dc0644 100644 --- a/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll +++ b/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll @@ -76,7 +76,7 @@ class StateTuple extends TStateTuple { StateTuple() { this = MkStateTuple(q1, q2, q3) } /** - * Gest a string repesentation of this tuple. + * Gest a string representation of this tuple. */ string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" } diff --git a/python/ql/lib/semmle/python/types/IgnoredAndApproximations.txt b/python/ql/lib/semmle/python/types/IgnoredAndApproximations.txt index 2b2540e35ee..09d234efb80 100644 --- a/python/ql/lib/semmle/python/types/IgnoredAndApproximations.txt +++ b/python/ql/lib/semmle/python/types/IgnoredAndApproximations.txt @@ -28,7 +28,7 @@ def f(): pass is equivalent to f = dec(x)(f) but in a context-insensitive context. Need a method: -Object decoratored_function(Object decorator, Object undecorated); +Object decorated_function(Object decorator, Object undecorated); But what is the decorator and what object is available as a result? Need to create an object for each decorator of a class or function. That should be the actual Object. diff --git a/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql b/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql index ef360d95ec7..9818aaece3c 100644 --- a/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql +++ b/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql @@ -39,5 +39,5 @@ where sa.getName() = a.getName() select a, "Attribute '" + a.getName() + - "' is not defined in the class body nor in the __init__() method, but it is defined $@", sa, + "' is not defined in the class body nor in the __init__() method, but it is defined $@.", sa, "here" diff --git a/python/ql/src/Classes/SlotsInOldStyleClass.ql b/python/ql/src/Classes/SlotsInOldStyleClass.ql index cd4f9dd5f1d..bb229edc8d3 100644 --- a/python/ql/src/Classes/SlotsInOldStyleClass.ql +++ b/python/ql/src/Classes/SlotsInOldStyleClass.ql @@ -15,4 +15,5 @@ import python from ClassObject c where not c.isNewStyle() and c.declaresAttribute("__slots__") and not c.failedInference() -select c, "Using __slots__ in an old style class just creates a class attribute called '__slots__'" +select c, + "Using '__slots__' in an old style class just creates a class attribute called '__slots__'." diff --git a/python/ql/src/Classes/SubclassShadowing.ql b/python/ql/src/Classes/SubclassShadowing.ql index 6594f5eee12..974230709bb 100644 --- a/python/ql/src/Classes/SubclassShadowing.ql +++ b/python/ql/src/Classes/SubclassShadowing.ql @@ -42,5 +42,5 @@ predicate shadowed_by_super_class( from ClassObject c, ClassObject supercls, Assign assign, FunctionObject shadowed where shadowed_by_super_class(c, supercls, assign, shadowed) select shadowed.getOrigin(), - "Method " + shadowed.getName() + " is shadowed by $@ in super class '" + supercls.getName() + "'.", - assign, "an attribute" + "Method " + shadowed.getName() + " is shadowed by an $@ in super class '" + supercls.getName() + + "'.", assign, "attribute" diff --git a/python/ql/src/Classes/SuperInOldStyleClass.ql b/python/ql/src/Classes/SuperInOldStyleClass.ql index f309c025fec..deba0889449 100644 --- a/python/ql/src/Classes/SuperInOldStyleClass.ql +++ b/python/ql/src/Classes/SuperInOldStyleClass.ql @@ -24,4 +24,4 @@ predicate uses_of_super_in_old_style_class(Call s) { from Call c where uses_of_super_in_old_style_class(c) -select c, "super() will not work in old-style classes" +select c, "'super()' will not work in old-style classes." diff --git a/python/ql/src/Classes/UndefinedClassAttribute.ql b/python/ql/src/Classes/UndefinedClassAttribute.ql index 7e5717b792d..748c4681820 100644 --- a/python/ql/src/Classes/UndefinedClassAttribute.ql +++ b/python/ql/src/Classes/UndefinedClassAttribute.ql @@ -30,4 +30,4 @@ predicate report_undefined_class_attribute(Attribute a, ClassObject c, string na from Attribute a, ClassObject c, string name where report_undefined_class_attribute(a, c, name) -select a, "Attribute '" + name + "' is not defined in either the class body or in any method" +select a, "Attribute '" + name + "' is not defined in either the class body or in any method." diff --git a/python/ql/src/Exceptions/RaisingTuple.ql b/python/ql/src/Exceptions/RaisingTuple.ql index 9116430ac18..37e406326fa 100644 --- a/python/ql/src/Exceptions/RaisingTuple.ql +++ b/python/ql/src/Exceptions/RaisingTuple.ql @@ -21,5 +21,5 @@ where major_version() = 2 /* Raising a tuple is a type error in Python 3, so is handled by the IllegalRaise query. */ select r, - "Raising $@ will result in the first element (recursively) being raised and all other elements being discarded.", - origin, "a tuple" + "Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded.", + origin, "tuple" diff --git a/python/ql/src/Exceptions/UnguardedNextInGenerator.ql b/python/ql/src/Exceptions/UnguardedNextInGenerator.ql index 0bd49f2c8c8..a6969218fdd 100644 --- a/python/ql/src/Exceptions/UnguardedNextInGenerator.ql +++ b/python/ql/src/Exceptions/UnguardedNextInGenerator.ql @@ -73,4 +73,4 @@ where // However, we do not know the minor version of the analyzed code (only of the extractor), // so we only alert on Python 2. major_version() = 2 -select call, "Call to next() in a generator" +select call, "Call to 'next()' in a generator." diff --git a/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql b/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql index 8bab127ec9d..3bd5f84fc67 100644 --- a/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql +++ b/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql @@ -48,4 +48,4 @@ private predicate useless_test_ast(AstNode comp, AstNode previous, boolean isTru from Expr test, Expr other, boolean isTrue where useless_test_ast(test, other, isTrue) and not useless_test_ast(test.getAChildNode+(), other, _) -select test, "Test is always " + isTrue + ", because of $@", other, "this condition" +select test, "Test is always " + isTrue + ", because of $@.", other, "this condition" diff --git a/python/ql/src/Functions/DeprecatedSliceMethod.ql b/python/ql/src/Functions/DeprecatedSliceMethod.ql index 2f3e8373b0b..af596f704cd 100644 --- a/python/ql/src/Functions/DeprecatedSliceMethod.ql +++ b/python/ql/src/Functions/DeprecatedSliceMethod.ql @@ -21,4 +21,4 @@ where not f.isOverridingMethod() and slice_method_name(meth) and f.getName() = meth -select f, meth + " method has been deprecated since Python 2.0" +select f, meth + " method has been deprecated since Python 2.0." diff --git a/python/ql/src/Functions/ModificationOfParameterWithDefault.ql b/python/ql/src/Functions/ModificationOfParameterWithDefault.ql index e4a50065b41..88b346fd2a0 100644 --- a/python/ql/src/Functions/ModificationOfParameterWithDefault.ql +++ b/python/ql/src/Functions/ModificationOfParameterWithDefault.ql @@ -19,5 +19,5 @@ from ModificationOfParameterWithDefault::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This expression mutates $@.", source.getNode(), - "a default value" +select sink.getNode(), source, sink, "This expression mutates a $@.", source.getNode(), + "default value" diff --git a/python/ql/src/Functions/UseImplicitNoneReturnValue.ql b/python/ql/src/Functions/UseImplicitNoneReturnValue.ql index 606f1e6da51..f45c9c42e0e 100644 --- a/python/ql/src/Functions/UseImplicitNoneReturnValue.ql +++ b/python/ql/src/Functions/UseImplicitNoneReturnValue.ql @@ -35,4 +35,4 @@ where forall(FunctionValue callee | c.getFunc().pointsTo(callee) | callee.getScope().isProcedure()) and /* Mox return objects have an `AndReturn` method */ not useOfMoxInModule(c.getEnclosingModule()) -select c, "The result of '$@' is used even though it is always None.", func, func.getQualifiedName() +select c, "The result of $@ is used even though it is always None.", func, func.getQualifiedName() diff --git a/python/ql/src/Imports/ImportShadowedByLoopVar.ql b/python/ql/src/Imports/ImportShadowedByLoopVar.ql index 035f1640d71..5a9bd33941c 100644 --- a/python/ql/src/Imports/ImportShadowedByLoopVar.ql +++ b/python/ql/src/Imports/ImportShadowedByLoopVar.ql @@ -22,4 +22,4 @@ predicate shadowsImport(Variable l) { from Variable l, Name defn where shadowsImport(l) and defn.defines(l) and exists(For for | defn = for.getTarget()) -select defn, "Loop variable '" + l.getId() + "' shadows an import" +select defn, "Loop variable '" + l.getId() + "' shadows an import." diff --git a/python/ql/src/Imports/ImportStarUsed.ql b/python/ql/src/Imports/ImportStarUsed.ql index ad25748e771..1094a879c2a 100644 --- a/python/ql/src/Imports/ImportStarUsed.ql +++ b/python/ql/src/Imports/ImportStarUsed.ql @@ -13,4 +13,4 @@ import python from ImportStar i -select i, "Using 'from ... import *' pollutes the namespace" +select i, "Using 'from ... import *' pollutes the namespace." diff --git a/python/ql/src/Imports/ImportandImportFrom.ql b/python/ql/src/Imports/ImportandImportFrom.ql index e57cac8aed4..f77ce345113 100644 --- a/python/ql/src/Imports/ImportandImportFrom.ql +++ b/python/ql/src/Imports/ImportandImportFrom.ql @@ -22,4 +22,4 @@ predicate import_and_import_from(Import i1, Import i2, Module m) { from Stmt i1, Stmt i2, Module m where import_and_import_from(i1, i2, m) -select i1, "Module '" + m.getName() + "' is imported with both 'import' and 'import from'" +select i1, "Module '" + m.getName() + "' is imported with both 'import' and 'import from'." diff --git a/python/ql/src/Numerics/Pythagorean.ql b/python/ql/src/Numerics/Pythagorean.ql index 03056de3a61..0fa325e9ae6 100644 --- a/python/ql/src/Numerics/Pythagorean.ql +++ b/python/ql/src/Numerics/Pythagorean.ql @@ -36,4 +36,4 @@ where right.asExpr() = s.getRight() and left.getALocalSource() = square() and right.getALocalSource() = square() -select c, "Pythagorean calculation with sub-optimal numerics" +select c, "Pythagorean calculation with sub-optimal numerics." diff --git a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql index 7db2b972da0..6bf97d50bf5 100644 --- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql +++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql @@ -51,4 +51,5 @@ predicate unsafe_call_to_endswith(Call sanitizer, StrConst url) { from Expr sanitizer, StrConst url where incomplete_sanitization(sanitizer, url) -select sanitizer, "'$@' may be at an arbitrary position in the sanitized URL.", url, url.getText() +select sanitizer, "The string $@ may be at an arbitrary position in the sanitized URL.", url, + url.getText() diff --git a/python/ql/src/Security/CWE-022/PathInjection.ql b/python/ql/src/Security/CWE-022/PathInjection.ql index 3ed0ef6234b..8548c815fe4 100644 --- a/python/ql/src/Security/CWE-022/PathInjection.ql +++ b/python/ql/src/Security/CWE-022/PathInjection.ql @@ -22,5 +22,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-022/TarSlip.ql b/python/ql/src/Security/CWE-022/TarSlip.ql index 241355f1c1b..647b41756f8 100644 --- a/python/ql/src/Security/CWE-022/TarSlip.ql +++ b/python/ql/src/Security/CWE-022/TarSlip.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This file extraction depends on $@", source.getNode(), - "a potentially untrusted source" +select sink.getNode(), source, sink, "This file extraction depends on a $@.", source.getNode(), + "potentially untrusted source" diff --git a/python/ql/src/Security/CWE-078/CommandInjection.ql b/python/ql/src/Security/CWE-078/CommandInjection.ql index 8ac08164a8c..f8c48714e1a 100644 --- a/python/ql/src/Security/CWE-078/CommandInjection.ql +++ b/python/ql/src/Security/CWE-078/CommandInjection.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This command line depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.ql b/python/ql/src/Security/CWE-079/ReflectedXss.ql index 2b1e0b8b745..1189e35be67 100644 --- a/python/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql @@ -19,5 +19,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", - source.getNode(), "a user-provided value" +select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", + source.getNode(), "user-provided value" diff --git a/python/ql/src/Security/CWE-089/SqlInjection.ql b/python/ql/src/Security/CWE-089/SqlInjection.ql index f00eae6ea42..5e910cf3edf 100644 --- a/python/ql/src/Security/CWE-089/SqlInjection.ql +++ b/python/ql/src/Security/CWE-089/SqlInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This SQL query depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "This SQL query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-090/LdapInjection.ql b/python/ql/src/Security/CWE-090/LdapInjection.ql index 14ffbb95518..efcf52eba41 100644 --- a/python/ql/src/Security/CWE-090/LdapInjection.ql +++ b/python/ql/src/Security/CWE-090/LdapInjection.ql @@ -23,5 +23,6 @@ where or any(FilterConfiguration filterConfig).hasFlowPath(source, sink) and parameterName = "filter" -select sink.getNode(), source, sink, "$@ depends on $@.", sink.getNode(), - "LDAP query parameter (" + parameterName + ")", source.getNode(), "a user-provided value" +select sink.getNode(), source, sink, + "LDAP query parameter (" + parameterName + ") depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-094/CodeInjection.ql b/python/ql/src/Security/CWE-094/CodeInjection.ql index c4334d925f4..5e5c06b68b7 100644 --- a/python/ql/src/Security/CWE-094/CodeInjection.ql +++ b/python/ql/src/Security/CWE-094/CodeInjection.ql @@ -20,5 +20,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This code execution depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "This code execution depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-117/LogInjection.ql b/python/ql/src/Security/CWE-117/LogInjection.ql index 045d8300e0c..3c380321af2 100644 --- a/python/ql/src/Security/CWE-117/LogInjection.ql +++ b/python/ql/src/Security/CWE-117/LogInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This log entry depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql index 125957e59b6..b402c4d2a3f 100644 --- a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql +++ b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql @@ -22,6 +22,6 @@ where // certificate validation, for example in `requests.get(..., verify=arg)`, `arg` would // be the `disablingNode`, and the `origin` would be the place were `arg` got its // value from. - if disablingNode = origin then ending = "." else ending = " by the value from $@." -select request, "This request may run without certificate validation because it is $@" + ending, - disablingNode, "disabled here", origin, "here" + if disablingNode = origin then ending = "." else ending = " by $@." +select request, "This request may run without certificate validation because $@" + ending, + disablingNode, "it is disabled", origin, "this value" diff --git a/python/ql/src/Security/CWE-312/CleartextLogging.ql b/python/ql/src/Security/CWE-312/CleartextLogging.ql index 877ee081e3a..0c2591eaec4 100644 --- a/python/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/python/ql/src/Security/CWE-312/CleartextLogging.ql @@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s where config.hasFlowPath(source, sink) and classification = source.getNode().(Source).getClassification() -select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(), - "Sensitive data (" + classification + ")" +select sink.getNode(), source, sink, "This expression logs $@ as clear text.", source.getNode(), + "sensitive data (" + classification + ")" diff --git a/python/ql/src/Security/CWE-312/CleartextStorage.ql b/python/ql/src/Security/CWE-312/CleartextStorage.ql index 81513fd9b1d..9a8d5de3331 100644 --- a/python/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/python/ql/src/Security/CWE-312/CleartextStorage.ql @@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s where config.hasFlowPath(source, sink) and classification = source.getNode().(Source).getClassification() -select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(), - "Sensitive data (" + classification + ")" +select sink.getNode(), source, sink, "This expression stores $@ as clear text.", source.getNode(), + "sensitive data (" + classification + ")" diff --git a/python/ql/src/Security/CWE-327/FluentApiModel.qll b/python/ql/src/Security/CWE-327/FluentApiModel.qll index a66f949e72d..a7fc90f229a 100644 --- a/python/ql/src/Security/CWE-327/FluentApiModel.qll +++ b/python/ql/src/Security/CWE-327/FluentApiModel.qll @@ -63,7 +63,7 @@ class InsecureContextConfiguration extends DataFlow::Configuration { } /** - * Holds if `conectionCreation` marks the creation of a connetion based on the contex + * Holds if `conectionCreation` marks the creation of a connection based on the contex * found at `contextOrigin` and allowing `insecure_version`. * * `specific` is true iff the context is configured for a specific protocol version (`ssl.PROTOCOL_TLSv1_2`) rather @@ -88,7 +88,7 @@ predicate unsafe_connection_creation_with_context( } /** - * Holds if `conectionCreation` marks the creation of a connetion witout reference to a context + * Holds if `conectionCreation` marks the creation of a connection without reference to a context * and allowing `insecure_version`. */ predicate unsafe_connection_creation_without_context( diff --git a/python/ql/src/Security/CWE-327/InsecureProtocol.ql b/python/ql/src/Security/CWE-327/InsecureProtocol.ql index b4984c8c764..bf04f8e5ccb 100644 --- a/python/ql/src/Security/CWE-327/InsecureProtocol.ql +++ b/python/ql/src/Security/CWE-327/InsecureProtocol.ql @@ -15,7 +15,7 @@ import semmle.python.dataflow.new.DataFlow import FluentApiModel // Helper for pretty printer `configName`. -// This is a consequence of missing pretty priting. +// This is a consequence of missing pretty printing. // We do not want to evaluate our bespoke pretty printer // for all `DataFlow::Node`s so we define a sub class of interesting ones. class ProtocolConfiguration extends DataFlow::Node { @@ -31,7 +31,7 @@ class ProtocolConfiguration extends DataFlow::Node { } // Helper for pretty printer `callName`. -// This is a consequence of missing pretty priting. +// This is a consequence of missing pretty printing. // We do not want to evaluate our bespoke pretty printer // for all `DataFlow::Node`s so we define a sub class of interesting ones. class Nameable extends DataFlow::Node { @@ -79,5 +79,5 @@ where connectionCreation = protocolConfiguration and specific = true select connectionCreation, - "Insecure SSL/TLS protocol version " + insecure_version + " " + verb(specific) + " by $@ ", + "Insecure SSL/TLS protocol version " + insecure_version + " " + verb(specific) + " by $@.", protocolConfiguration, configName(protocolConfiguration) diff --git a/python/ql/src/Security/CWE-327/README.md b/python/ql/src/Security/CWE-327/README.md index f80dfd0a296..9e7b11581d0 100644 --- a/python/ql/src/Security/CWE-327/README.md +++ b/python/ql/src/Security/CWE-327/README.md @@ -14,7 +14,7 @@ This should be kept up to date; the world is moving fast and protocols are being > Deprecated since version 3.7: Since Python 3.2 and 2.7.9, it is recommended to use the `SSLContext.wrap_socket()` instead of `wrap_socket()`. The top-level function is limited and creates an insecure client socket without server name indication or hostname matching. - Default constructors are fine, a fluent API is used to constrain possible protocols later. -## Current recomendation +## Current recommendation TLS 1.2 or TLS 1.3 diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 545c54890bf..0ef54275827 100644 --- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Unsafe deserialization depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-601/UrlRedirect.ql b/python/ql/src/Security/CWE-601/UrlRedirect.ql index 98110eaf5d8..fbe3f3349ce 100644 --- a/python/ql/src/Security/CWE-601/UrlRedirect.ql +++ b/python/ql/src/Security/CWE-601/UrlRedirect.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Untrusted URL redirection depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-611/Xxe.qhelp b/python/ql/src/Security/CWE-611/Xxe.qhelp index 19bbc955fd6..2260966f480 100644 --- a/python/ql/src/Security/CWE-611/Xxe.qhelp +++ b/python/ql/src/Security/CWE-611/Xxe.qhelp @@ -38,7 +38,7 @@ default parser     from lxml.etree allows local external entities t

    To guard against XXE attacks with the lxml library, you should create a parser with resolve_entities set to false. This means that no -entity expansion is undertaken, althuogh standard predefined entities such as +entity expansion is undertaken, although standard predefined entities such as &gt;, for writing > inside the text of an XML element, are still allowed.

    diff --git a/python/ql/src/Security/CWE-611/Xxe.ql b/python/ql/src/Security/CWE-611/Xxe.ql index 9bb705efc33..b361f6ffcfb 100644 --- a/python/ql/src/Security/CWE-611/Xxe.ql +++ b/python/ql/src/Security/CWE-611/Xxe.ql @@ -19,5 +19,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "XML parsing depends on $@ without guarding against external entity expansion.", source.getNode(), - "a user-provided value" + "XML parsing depends on a $@ without guarding against external entity expansion.", + source.getNode(), "user-provided value" diff --git a/python/ql/src/Security/CWE-643/XpathInjection.ql b/python/ql/src/Security/CWE-643/XpathInjection.ql index 9056fe43a05..07df47624e7 100644 --- a/python/ql/src/Security/CWE-643/XpathInjection.ql +++ b/python/ql/src/Security/CWE-643/XpathInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "XPath expression depends on $@.", source.getNode(), - "a user-provided value" +select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.ql b/python/ql/src/Security/CWE-730/PolynomialReDoS.ql index 278b7369a38..1637686c1d8 100644 --- a/python/ql/src/Security/CWE-730/PolynomialReDoS.ql +++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.ql @@ -30,6 +30,6 @@ where // regexp.isAtEndLine() // ) select sinkNode.getHighlight(), source, sink, - "This $@ that depends on $@ may run slow on strings " + regexp.getPrefixMessage() + + "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() + "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression", - source.getNode(), "a user-provided value" + source.getNode(), "user-provided value" diff --git a/python/ql/src/Security/CWE-730/RegexInjection.ql b/python/ql/src/Security/CWE-730/RegexInjection.ql index 571cac2bdd8..5075c7a675d 100644 --- a/python/ql/src/Security/CWE-730/RegexInjection.ql +++ b/python/ql/src/Security/CWE-730/RegexInjection.ql @@ -24,6 +24,6 @@ from where config.hasFlowPath(source, sink) and regexExecution = sink.getNode().(Sink).getRegexExecution() -select sink.getNode(), source, sink, "$@ depends on $@ and executed by $@.", sink.getNode(), - "This regular expression", source.getNode(), "a user-provided value", regexExecution, - regexExecution.getName() +select sink.getNode(), source, sink, + "This regular expression depends on a $@ and is executed by $@.", source.getNode(), + "user-provided value", regexExecution, regexExecution.getName() diff --git a/python/ql/src/Security/CWE-776/XmlBomb.ql b/python/ql/src/Security/CWE-776/XmlBomb.ql index 1dde46e651c..f943aa58c44 100644 --- a/python/ql/src/Security/CWE-776/XmlBomb.ql +++ b/python/ql/src/Security/CWE-776/XmlBomb.ql @@ -19,5 +19,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "XML parsing depends on $@ without guarding against uncontrolled entity expansion.", - source.getNode(), "a user-provided value" + "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", + source.getNode(), "user-provided value" diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql index 895352be75c..4c9818e91f8 100644 --- a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -116,7 +116,7 @@ private string getACredentialRegex() { } class HardcodedCredentialsConfiguration extends TaintTracking::Configuration { - HardcodedCredentialsConfiguration() { this = "Hardcoded coredentials configuration" } + HardcodedCredentialsConfiguration() { this = "Hardcoded credentials configuration" } override predicate isSource(TaintTracking::Source source) { source instanceof HardcodedValueSource @@ -129,4 +129,5 @@ from HardcodedCredentialsConfiguration config, TaintedPathSource src, TaintedPat where config.hasFlowPath(src, sink) and not any(TestScope test).contains(src.getAstNode()) -select sink.getSink(), src, sink, "Use of $@.", src.getSource(), "hardcoded credentials" +select src.getSource(), src, sink, "This hardcoded value is $@.", sink.getNode(), + "used as credentials" diff --git a/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql b/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql index 37334fea87c..a29f9e775a1 100644 --- a/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql +++ b/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql @@ -21,5 +21,5 @@ where request = sink.getNode().(Sink).getRequest() and fullConfig.hasFlowPath(source, sink) and fullyControlledRequest(request) -select request, source, sink, "The full URL of this request depends on $@.", source.getNode(), - "a user-provided value" +select request, source, sink, "The full URL of this request depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql b/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql index 8f8d72c7d65..3bbeaabcce6 100644 --- a/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql +++ b/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql @@ -21,5 +21,5 @@ where request = sink.getNode().(Sink).getRequest() and partialConfig.hasFlowPath(source, sink) and not fullyControlledRequest(request) -select request, source, sink, "Part of the URL of this request depends on $@.", source.getNode(), - "a user-provided value" +select request, source, sink, "Part of the URL of this request depends on a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/Statements/DocStrings.ql b/python/ql/src/Statements/DocStrings.ql index b20731f723b..355aff93f17 100644 --- a/python/ql/src/Statements/DocStrings.ql +++ b/python/ql/src/Statements/DocStrings.ql @@ -48,4 +48,4 @@ string scope_type(Scope s) { from Scope s where needs_docstring(s) and not exists(s.getDocString()) -select s, scope_type(s) + " " + s.getName() + " does not have a docstring" +select s, scope_type(s) + " " + s.getName() + " does not have a docstring." diff --git a/python/ql/src/Statements/NonIteratorInForLoop.ql b/python/ql/src/Statements/NonIteratorInForLoop.ql index 0df5c30a77d..91ad69f8d44 100644 --- a/python/ql/src/Statements/NonIteratorInForLoop.ql +++ b/python/ql/src/Statements/NonIteratorInForLoop.ql @@ -22,4 +22,5 @@ where not t.failedInference(_) and not v = Value::named("None") and not t.isDescriptorType() -select loop, "$@ of class '$@' may be used in for-loop.", origin, "Non-iterable", t, t.getName() +select loop, "This for-loop may attempt to iterate over a $@ of class $@.", origin, + "non-iterable instance", t, t.getName() diff --git a/python/ql/src/Statements/SideEffectInAssert.ql b/python/ql/src/Statements/SideEffectInAssert.ql index 21aff6ca646..e4797d2dad4 100644 --- a/python/ql/src/Statements/SideEffectInAssert.ql +++ b/python/ql/src/Statements/SideEffectInAssert.ql @@ -42,4 +42,4 @@ predicate probable_side_effect(Expr e) { from Assert a, Expr e where probable_side_effect(e) and a.contains(e) -select a, "This 'assert' statement contains $@ which may have side effects.", e, "an expression" +select a, "This 'assert' statement contains an $@ which may have side effects.", e, "expression" diff --git a/python/ql/src/Statements/UnusedExceptionObject.ql b/python/ql/src/Statements/UnusedExceptionObject.ql index 6c19f82d60f..2cb4c4e447a 100644 --- a/python/ql/src/Statements/UnusedExceptionObject.ql +++ b/python/ql/src/Statements/UnusedExceptionObject.ql @@ -17,4 +17,4 @@ where call.getFunc().pointsTo(ex) and ex.getASuperType() = ClassValue::exception() and exists(ExprStmt s | s.getValue() = call) -select call, "Instantiating an exception, but not raising it, has no effect" +select call, "Instantiating an exception, but not raising it, has no effect." diff --git a/python/ql/src/Variables/Global.ql b/python/ql/src/Variables/Global.ql index d1ecadb1710..b29fb564a87 100644 --- a/python/ql/src/Variables/Global.ql +++ b/python/ql/src/Variables/Global.ql @@ -13,4 +13,4 @@ import python from Global g where not g.getScope() instanceof Module -select g, "Updating global variables except at module initialization is discouraged" +select g, "Updating global variables except at module initialization is discouraged." diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index 74cd20b1d6c..e4ccd73e5e1 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -44,4 +44,4 @@ predicate escaping_capturing_looping_construct(CallableExpr capturing, AstNode l from CallableExpr capturing, AstNode loop, Variable var where escaping_capturing_looping_construct(capturing, loop, var) -select capturing, "Capture of loop variable '$@'", loop, var.getId() +select capturing, "Capture of loop variable $@.", loop, var.getId() diff --git a/python/ql/src/Variables/MultiplyDefined.ql b/python/ql/src/Variables/MultiplyDefined.ql index a8fedd25156..a045dd6e8fa 100644 --- a/python/ql/src/Variables/MultiplyDefined.ql +++ b/python/ql/src/Variables/MultiplyDefined.ql @@ -67,5 +67,5 @@ where forall(Name el | el = asgn1.getParentNode().(Tuple).getAnElt() | multiply_defined(el, _, _)) and not uninteresting_definition(asgn1) select asgn1, - "This assignment to '" + v.getId() + - "' is unnecessary as it is redefined $@ before this value is used.", asgn2 as t, "here" + "This assignment to '" + v.getId() + "' is unnecessary as it is $@ before this value is used.", + asgn2, "redefined" diff --git a/python/ql/src/Variables/ShadowGlobal.ql b/python/ql/src/Variables/ShadowGlobal.ql index 065abf42fe4..79d74d272ae 100644 --- a/python/ql/src/Variables/ShadowGlobal.ql +++ b/python/ql/src/Variables/ShadowGlobal.ql @@ -67,4 +67,4 @@ where def.defines(g) and not assigned_pytest_fixture(g) and not g.getId() = "_" -select d, "Local variable '" + g.getId() + "' shadows a global variable defined $@.", def, "here" +select d, "Local variable '" + g.getId() + "' shadows a $@.", def, "global variable" diff --git a/python/ql/src/Variables/Undefined.qll b/python/ql/src/Variables/Undefined.qll index e31a99507d2..a88620d8779 100644 --- a/python/ql/src/Variables/Undefined.qll +++ b/python/ql/src/Variables/Undefined.qll @@ -55,7 +55,7 @@ predicate exitFunctionGuardedEdge(EssaVariable pred, EssaVariable succ) { } class UninitializedConfig extends TaintTracking::Configuration { - UninitializedConfig() { this = "Unitialized local config" } + UninitializedConfig() { this = "Uninitialized local config" } override predicate isSource(DataFlow::Node source, TaintKind kind) { kind instanceof Uninitialized and diff --git a/python/ql/src/Variables/UndefinedPlaceHolder.ql b/python/ql/src/Variables/UndefinedPlaceHolder.ql index 29004a6123f..7f7794e60a1 100644 --- a/python/ql/src/Variables/UndefinedPlaceHolder.ql +++ b/python/ql/src/Variables/UndefinedPlaceHolder.ql @@ -43,4 +43,4 @@ where not initialized_as_local(p) and not template_attribute(p) and not_a_global(p) -select p, "This use of place-holder variable '" + p.getId() + "' may be undefined" +select p, "This use of place-holder variable '" + p.getId() + "' may be undefined." diff --git a/python/ql/src/Variables/UnusedLocalVariable.ql b/python/ql/src/Variables/UnusedLocalVariable.ql index 2202359fa0b..a009d4a51b9 100644 --- a/python/ql/src/Variables/UnusedLocalVariable.ql +++ b/python/ql/src/Variables/UnusedLocalVariable.ql @@ -43,4 +43,4 @@ where unused_local(unused, v) and // If unused is part of a tuple, count it as unused if all elements of that tuple are unused. forall(Name el | el = unused.getParentNode().(Tuple).getAnElt() | unused_local(el, _)) -select unused, "Variable " + v.getId() + " is not used" +select unused, "Variable " + v.getId() + " is not used." diff --git a/python/ql/src/analysis/CrossProjectDefinitions.qll b/python/ql/src/analysis/CrossProjectDefinitions.qll index c3d2735d9c6..84fd8215712 100644 --- a/python/ql/src/analysis/CrossProjectDefinitions.qll +++ b/python/ql/src/analysis/CrossProjectDefinitions.qll @@ -1,5 +1,5 @@ /** - * Symbols for crosss-project jump-to-definition resolution. + * Symbols for cross-project jump-to-definition resolution. */ import python diff --git a/python/ql/src/change-notes/2022-10-07-alert-messages.md b/python/ql/src/change-notes/2022-10-07-alert-messages.md new file mode 100644 index 00000000000..de46b7752eb --- /dev/null +++ b/python/ql/src/change-notes/2022-10-07-alert-messages.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages. \ No newline at end of file diff --git a/python/ql/src/change-notes/2022-10-10-pep249-executemany-modeling.md b/python/ql/src/change-notes/2022-10-10-pep249-executemany-modeling.md new file mode 100644 index 00000000000..42037942ee7 --- /dev/null +++ b/python/ql/src/change-notes/2022-10-10-pep249-executemany-modeling.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added model of `executemany` calls on PEP-249 compliant database APIs, resulting in additional sinks for `py/sql-injection`. diff --git a/python/ql/src/change-notes/2022-10-10-pymssql-modeling.md b/python/ql/src/change-notes/2022-10-10-pymssql-modeling.md new file mode 100644 index 00000000000..fa3aad75612 --- /dev/null +++ b/python/ql/src/change-notes/2022-10-10-pymssql-modeling.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added model of `pymssql` PyPI package as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`. diff --git a/python/ql/src/change-notes/2022-10-12-cx_oracle-phoenixdb-pyodbc-modeling.md b/python/ql/src/change-notes/2022-10-12-cx_oracle-phoenixdb-pyodbc-modeling.md new file mode 100644 index 00000000000..e240aca65ca --- /dev/null +++ b/python/ql/src/change-notes/2022-10-12-cx_oracle-phoenixdb-pyodbc-modeling.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added model of `cx_Oracle`, `oracledb`, `phonenixdb` and `pyodbc` PyPI packages as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`. diff --git a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql index dd89b4d1280..a914b938b96 100644 --- a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql +++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql @@ -18,5 +18,6 @@ import DataFlow::PathGraph from ZipSlipConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Extraction of zipfile from $@", source.getNode(), - "a potentially untrusted source" +select source.getNode(), source, sink, + "This unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), + "file system operation" diff --git a/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp b/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp index d35da4e82d4..307314f00df 100644 --- a/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp +++ b/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp @@ -8,7 +8,7 @@

    This vulnerability can be prevented by not allowing untrusted user input to be passed as an XSL stylesheet. - If the application logic necessiates processing untrusted XSL stylesheets, the input should be properly filtered and sanitized before use. + If the application logic necessitates processing untrusted XSL stylesheets, the input should be properly filtered and sanitized before use.

    diff --git a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql index 3cb4a20d5de..6c1170a5e72 100644 --- a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql +++ b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql @@ -17,5 +17,5 @@ import DataFlow::PathGraph from HeaderInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ HTTP header is constructed from a $@.", sink.getNode(), - "This", source.getNode(), "user-provided value" +select sink.getNode(), source, sink, "This HTTP header is constructed from a $@.", source.getNode(), + "user-provided value" diff --git a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.py b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.py index 4c436592bc9..cde3d2c6968 100644 --- a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.py +++ b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.py @@ -22,10 +22,10 @@ def bad1(): def good1(): csv_data = request.args.get('csv') csvWriter = csv.writer(open("test.csv", "wt")) - csvWriter.writerow(santize_for_csv(csv_data)) + csvWriter.writerow(sanitize_for_csv(csv_data)) return "good1" -def santize_for_csv(data: str| List[str] | List[List[str]]): +def sanitize_for_csv(data: str| List[str] | List[List[str]]): def sanitize(item): return "'" + item diff --git a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql index 177c58e2782..d4d4425aa0a 100644 --- a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql +++ b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql @@ -27,4 +27,4 @@ predicate authenticatesImproperly(LdapBind ldapBind) { from LdapBind ldapBind where authenticatesImproperly(ldapBind) -select ldapBind, "The following LDAP bind operation is executed without authentication" +select ldapBind, "The following LDAP bind operation is executed without authentication." diff --git a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql index 88715203be8..88925d56a15 100644 --- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql +++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql @@ -16,5 +16,4 @@ import experimental.semmle.python.security.LDAPInsecureAuth from LdapInsecureAuthConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ is authenticated insecurely.", sink.getNode(), - "This LDAP host" +select sink.getNode(), source, sink, "This LDAP host is authenticated insecurely." diff --git a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql index e31fdc88629..edd19bfdfd9 100644 --- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql +++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql @@ -16,4 +16,4 @@ private import semmle.python.ApiGraphs from DataFlow::CallCfgNode call where call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() -select call, "SimpleXMLRPCServer is vulnerable to XML bombs" +select call, "SimpleXMLRPCServer is vulnerable to XML bombs." diff --git a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql index cd4405d301b..87e003fcc45 100644 --- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql +++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql @@ -15,5 +15,5 @@ import DataFlow::PathGraph from NoSqlInjection::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) -select sink, source, sink, "$@ NoSQL query contains an unsanitized $@", sink, "This", source, +select sink, source, sink, "This NoSQL query contains an unsanitized $@.", source, "user-provided value" diff --git a/python/ql/src/experimental/semmle/python/frameworks/Django.qll b/python/ql/src/experimental/semmle/python/frameworks/Django.qll index 441911866f3..f5156d2eb5c 100644 --- a/python/ql/src/experimental/semmle/python/frameworks/Django.qll +++ b/python/ql/src/experimental/semmle/python/frameworks/Django.qll @@ -91,14 +91,10 @@ private module ExperimentalPrivateDjango { result = baseClassRef().getReturn().getAMember() } - /** Gets a reference to a header instance call with `__setitem__`. */ - API::Node headerSetItem() { - result = headerInstance() and - result.asSource().(DataFlow::AttrRead).getAttributeName() = "__setitem__" - } - class DjangoResponseSetItemCall extends DataFlow::CallCfgNode, HeaderDeclaration::Range { - DjangoResponseSetItemCall() { this = headerSetItem().getACall() } + DjangoResponseSetItemCall() { + this = baseClassRef().getReturn().getMember("__setitem__").getACall() + } override DataFlow::Node getNameArg() { result = this.getArg(0) } @@ -109,8 +105,7 @@ private module ExperimentalPrivateDjango { DataFlow::Node headerInput; DjangoResponseDefinition() { - this.asCfgNode().(DefinitionNode) = - headerInstance().getAValueReachableFromSource().asCfgNode() and + headerInput = headerInstance().asSink() and headerInput.asCfgNode() = this.asCfgNode().(DefinitionNode).getValue() } diff --git a/python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll b/python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll index 2914c59d755..51ff2fda354 100644 --- a/python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll +++ b/python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll @@ -26,7 +26,7 @@ private module Sendgrid { } /** Gets a reference to a `SendGridAPIClient` instance call with `send` or `post`. */ - private DataFlow::CallCfgNode sendgridApiSendCall() { + private API::CallNode sendgridApiSendCall() { result = sendgridApiClient().getMember("send").getACall() or result = @@ -62,7 +62,7 @@ private module Sendgrid { * * `getFrom()`'s result would be `"from@example.com"`. * * `getSubject()`'s result would be `"Sending with SendGrid is Fun"`. */ - private class SendGridMail extends DataFlow::CallCfgNode, EmailSender::Range { + private class SendGridMail extends API::CallNode, EmailSender::Range { SendGridMail() { this = sendgridApiSendCall() } private DataFlow::CallCfgNode getMailCall() { @@ -118,40 +118,28 @@ private module Sendgrid { or result = this.sendgridWrite("html_content") or - exists(KeyValuePair content, Dict generalDict, KeyValuePair typePair, KeyValuePair valuePair | - content.getKey().(StrConst).getText() = "content" and - content.getValue().(List).getAnElt() = generalDict and - // declare KeyValuePairs keys and values - typePair.getKey().(StrConst).getText() = "type" and - typePair.getValue().(StrConst).getText() = ["text/html", "text/x-amp-html"] and - valuePair.getKey().(StrConst).getText() = "value" and - result.asExpr() = valuePair.getValue() and - // correlate generalDict with previously set KeyValuePairs - generalDict.getAnItem() in [typePair, valuePair] and - [this.getArg(0), this.getArgByName("request_body")].getALocalSource().asExpr() = - any(Dict d | d.getAnItem() = content) + exists(API::Node contentElement | + contentElement = + this.getKeywordParameter("request_body").getSubscript("content").getASubscript() + | + contentElement.getSubscript("type").getAValueReachingSink().asExpr().(StrConst).getText() = + ["text/html", "text/x-amp-html"] and + result = contentElement.getSubscript("value").getAValueReachingSink() ) or - exists(KeyValuePair footer, Dict generalDict, KeyValuePair enablePair, KeyValuePair htmlPair | - footer.getKey().(StrConst).getText() = ["footer", "subscription_tracking"] and - footer.getValue() = generalDict and - // check footer is enabled - enablePair.getKey().(StrConst).getText() = "enable" and - exists(enablePair.getValue().(True)) and - // get html content - htmlPair.getKey().(StrConst).getText() = "html" and - result.asExpr() = htmlPair.getValue() and - // correlate generalDict with previously set KeyValuePairs - generalDict.getAnItem() in [enablePair, htmlPair] and - exists(KeyValuePair k | - k.getKey() = - [this.getArg(0), this.getArgByName("request_body")] - .getALocalSource() - .asExpr() - .(Dict) - .getAKey() and - k.getValue() = any(Dict d | d.getAKey() = footer.getKey()) - ) + exists(API::Node html | + html = + this.getKeywordParameter("request_body") + .getSubscript("tracking_settings") + .getSubscript("subscription_tracking") + or + html = + this.getKeywordParameter("request_body") + .getSubscript("mail_settings") + .getSubscript("footer") + | + html.getSubscript("enable").getAValueReachingSink().asExpr() instanceof True and + result = html.getSubscript("html").getAValueReachingSink() ) } diff --git a/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll b/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll index 3eeca7a560c..83ea49cbb66 100644 --- a/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll +++ b/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll @@ -101,33 +101,6 @@ module SmtpLib { ) } - /** - * Gets a message subscript write by correlating subscript's object local source with - * `smtp`'s `sendmail` call 3rd argument's local source. - * - * Given the following example with `getSMTPSubscriptByIndex(any(SmtpLibSendMail s), "Subject")`: - * - * ```py - * message = MIMEMultipart("alternative") - * message["Subject"] = "multipart test" - * server.sendmail(sender_email, receiver_email, message.as_string()) - * ``` - * - * * `def` would be `message["Subject"]` (`DefinitionNode`) - * * `sub` would be `message["Subject"]` (`Subscript`) - * * `result` would be `"multipart test"` - */ - private DataFlow::Node getSmtpSubscriptByIndex(DataFlow::CallCfgNode sendCall, string index) { - exists(DefinitionNode def, Subscript sub | - sub = def.getNode() and - DataFlow::exprNode(sub.getObject()).getALocalSource() = - [sendCall.getArg(2), sendCall.getArg(2).(DataFlow::MethodCallNode).getObject()] - .getALocalSource() and - sub.getIndex().(StrConst).getText() = index and - result.asCfgNode() = def.getValue() - ) - } - /** * Gets a reference to `smtplib.SMTP_SSL().sendmail()`. * @@ -153,7 +126,7 @@ module SmtpLib { * * `getFrom()`'s result would be `sender_email`. * * `getSubject()`'s result would be `"multipart test"`. */ - private class SmtpLibSendMail extends DataFlow::CallCfgNode, EmailSender::Range { + private class SmtpLibSendMail extends API::CallNode, EmailSender::Range { SmtpLibSendMail() { this = smtpConnectionInstance().getReturn().getMember("sendmail").getACall() } @@ -163,15 +136,24 @@ module SmtpLib { override DataFlow::Node getHtmlBody() { result = getSmtpMessage(this, "html") } override DataFlow::Node getTo() { - result in [this.getArg(1), getSmtpSubscriptByIndex(this, "To")] + result = this.getParameter(1, "to_addrs").asSink() + or + result = this.getMsg().getSubscript("To").asSink() } override DataFlow::Node getFrom() { - result in [this.getArg(0), getSmtpSubscriptByIndex(this, "From")] + result = this.getParameter(0, "from_addr").asSink() + or + result = this.getMsg().getSubscript("From").asSink() } - override DataFlow::Node getSubject() { - result in [this.getArg(2), getSmtpSubscriptByIndex(this, "Subject")] + override DataFlow::Node getSubject() { result = this.getMsg().getSubscript("Subject").asSink() } + + private API::Node getMsg() { + result.getAValueReachableFromSource() = this.getParameter(2, "msg").asSink() + or + result.getMember("as_string").getReturn().getAValueReachableFromSource() = + this.getParameter(2, "msg").asSink() } } } diff --git a/python/ql/src/experimental/semmle/python/templates/DjangoTemplate.qll b/python/ql/src/experimental/semmle/python/templates/DjangoTemplate.qll index e0dfeb52494..1089ab872ec 100644 --- a/python/ql/src/experimental/semmle/python/templates/DjangoTemplate.qll +++ b/python/ql/src/experimental/semmle/python/templates/DjangoTemplate.qll @@ -7,7 +7,7 @@ import experimental.semmle.python.templates.SSTISink deprecated ClassValue theDjangoTemplateClass() { result = Value::named("django.template.Template") } /** - * A sink representng `django.template.Template` class instantiation argument. + * A sink representing `django.template.Template` class instantiation argument. * * from django.template import Template * template = Template(`sink`) @@ -26,7 +26,7 @@ deprecated class DjangoTemplateTemplateSink extends SSTISink { } // TODO (intentionally commented out QLDoc, since qlformat will delete those lines otherwise) // /** -// * Sinks representng the django.template.Template class instantiation. +// * Sinks representing the django.template.Template class instantiation. // * // * from django.template import engines // * diff --git a/python/ql/src/experimental/semmle/python/templates/FlaskTemplate.qll b/python/ql/src/experimental/semmle/python/templates/FlaskTemplate.qll index 9e768472ec1..c0f3c90235d 100644 --- a/python/ql/src/experimental/semmle/python/templates/FlaskTemplate.qll +++ b/python/ql/src/experimental/semmle/python/templates/FlaskTemplate.qll @@ -9,7 +9,7 @@ deprecated Value theFlaskRenderTemplateClass() { } /** - * A sink representng `flask.render_template_string` function call argument. + * A sink representing `flask.render_template_string` function call argument. * * from flask import render_template_string * render_template_string(`sink`) diff --git a/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll b/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll index 7906d6bf0d4..0aa2b96a634 100644 --- a/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll +++ b/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefaultCustomizations.qll @@ -33,7 +33,7 @@ module ModificationOfParameterWithDefault { * should determine if the node (which is perhaps about to be modified) * can be the default value or not. * - * In this query we do not track the default value exactly, but rather wheter + * In this query we do not track the default value exactly, but rather whether * it is empty or not (see `Source`). * * This is the extension point for determining that a node must be empty and @@ -46,7 +46,7 @@ module ModificationOfParameterWithDefault { * should determine if the node (which is perhaps about to be modified) * can be the default value or not. * - * In this query we do not track the default value exactly, but rather wheter + * In this query we do not track the default value exactly, but rather whether * it is empty or not (see `Source`). * * This is the extension point for determining that a node must be non-empty @@ -54,7 +54,7 @@ module ModificationOfParameterWithDefault { */ abstract class MustBeNonEmpty extends DataFlow::Node { } - /** Gets the truthiness (non emptyness) of the default of `p` if that value is mutable */ + /** Gets the truthiness (non emptiness) of the default of `p` if that value is mutable */ private boolean mutableDefaultValue(Parameter p) { exists(Dict d | p.getDefault() = d | exists(d.getAKey()) and result = true diff --git a/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected b/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected index 60c073b9dd6..ccad85bd384 100644 --- a/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected +++ b/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected @@ -1 +1 @@ -| newstyle_test.py:4:1:4:16 | class OldStyle1 | Using __slots__ in an old style class just creates a class attribute called '__slots__' | +| newstyle_test.py:4:1:4:16 | class OldStyle1 | Using '__slots__' in an old style class just creates a class attribute called '__slots__'. | diff --git a/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected b/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected index f60a56e8efe..2ee934ed673 100644 --- a/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected +++ b/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected @@ -1 +1 @@ -| newstyle_test.py:15:9:15:15 | super() | super() will not work in old-style classes | +| newstyle_test.py:15:9:15:15 | super() | 'super()' will not work in old-style classes. | diff --git a/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected b/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected index 289b8fb5a0d..7cd772d4662 100644 --- a/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected +++ b/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected @@ -1,2 +1,2 @@ -| test.py:5:15:5:22 | ControlFlowNode for next() | Call to next() in a generator | -| test.py:10:20:10:27 | ControlFlowNode for next() | Call to next() in a generator | +| test.py:5:15:5:22 | ControlFlowNode for next() | Call to 'next()' in a generator. | +| test.py:10:20:10:27 | ControlFlowNode for next() | Call to 'next()' in a generator. | diff --git a/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected b/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected index 7200c147ea9..ecfd7587d53 100644 --- a/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected +++ b/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected @@ -1,3 +1,3 @@ -| test.py:8:5:8:12 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | ControlFlowNode for Tuple | a tuple | -| test.py:11:5:11:32 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | ControlFlowNode for Tuple | a tuple | -| test.py:15:5:15:23 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | ControlFlowNode for Tuple | a tuple | +| test.py:8:5:8:12 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | ControlFlowNode for Tuple | tuple | +| test.py:11:5:11:32 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | ControlFlowNode for Tuple | tuple | +| test.py:15:5:15:23 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | ControlFlowNode for Tuple | tuple | diff --git a/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected b/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected index 1f807ddf5f0..c59db3b2b65 100644 --- a/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected +++ b/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected @@ -1,2 +1,2 @@ -| async_iterator.py:26:11:26:34 | For | $@ of class '$@' may be used in for-loop. | async_iterator.py:26:20:26:33 | ControlFlowNode for MissingAiter() | Non-iterable | async_iterator.py:13:1:13:19 | class MissingAiter | MissingAiter | -| statements_test.py:34:5:34:19 | For | $@ of class '$@' may be used in for-loop. | statements_test.py:34:18:34:18 | ControlFlowNode for IntegerLiteral | Non-iterable | file://:0:0:0:0 | builtin-class int | int | +| async_iterator.py:26:11:26:34 | For | This for-loop may attempt to iterate over a $@ of class $@. | async_iterator.py:26:20:26:33 | ControlFlowNode for MissingAiter() | non-iterable instance | async_iterator.py:13:1:13:19 | class MissingAiter | MissingAiter | +| statements_test.py:34:5:34:19 | For | This for-loop may attempt to iterate over a $@ of class $@. | statements_test.py:34:18:34:18 | ControlFlowNode for IntegerLiteral | non-iterable instance | file://:0:0:0:0 | builtin-class int | int | diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py b/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py index 7be3f83fe68..fd2f7773ced 100644 --- a/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py +++ b/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py @@ -1,7 +1,7 @@ import sys import random -# hmm, annoying that you have to keep names unique accross files :| +# hmm, annoying that you have to keep names unique across files :| # since I like to use foo and bar ALL the time :D # name:rd_foo diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected b/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected index 66594b3374e..580163a52e9 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected @@ -27,8 +27,8 @@ nodes | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | subpaths #select -| zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | a potentially untrusted source | -| zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | a potentially untrusted source | -| zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | a potentially untrusted source | -| zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | Extraction of zipfile from $@ | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | a potentially untrusted source | -| zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | Extraction of zipfile from $@ | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | a potentially untrusted source | +| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | file system operation | +| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | file system operation | +| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | file system operation | +| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | file system operation | +| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | file system operation | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected index 588c9ea3bb5..af98a815fe8 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected @@ -45,9 +45,9 @@ nodes | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | subpaths #select -| django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | This | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | user-provided value | -| django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | This | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | user-provided value | -| flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | user-provided value | +| django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | user-provided value | +| flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected b/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected index 766665ee1b6..224c1a33902 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected @@ -1,10 +1,10 @@ -| auth_bad_2.py:19:5:19:42 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_2.py:33:5:33:44 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_2.py:47:5:47:43 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_2.py:60:5:60:52 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_2.py:73:5:73:39 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_2.py:87:5:87:48 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication | -| auth_bad_3.py:19:12:19:43 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication | -| auth_bad_3.py:33:12:33:57 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication | -| auth_bad_3.py:46:12:46:55 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication | -| auth_bad_3.py:60:12:60:42 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication | +| auth_bad_2.py:19:5:19:42 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_2.py:33:5:33:44 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_2.py:47:5:47:43 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_2.py:60:5:60:52 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_2.py:73:5:73:39 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_2.py:87:5:87:48 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. | +| auth_bad_3.py:19:12:19:43 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. | +| auth_bad_3.py:33:12:33:57 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. | +| auth_bad_3.py:46:12:46:55 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. | +| auth_bad_3.py:60:12:60:42 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected b/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected index 425b00a85c7..ec408995b0f 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected @@ -26,9 +26,9 @@ nodes | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | subpaths #select -| ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | $@ is authenticated insecurely. | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | This LDAP host | -| ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | $@ is authenticated insecurely. | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | This LDAP host | -| ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | This LDAP host | -| ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | This LDAP host | -| ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | This LDAP host | -| ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | This LDAP host | +| ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | This LDAP host is authenticated insecurely. | +| ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | This LDAP host is authenticated insecurely. | +| ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. | +| ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. | +| ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. | +| ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected b/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected index 5f848fb56bb..30438f41083 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected @@ -1 +1 @@ -| xmlrpc_server.py:7:10:7:48 | ControlFlowNode for SimpleXMLRPCServer() | SimpleXMLRPCServer is vulnerable to XML bombs | +| xmlrpc_server.py:7:10:7:48 | ControlFlowNode for SimpleXMLRPCServer() | SimpleXMLRPCServer is vulnerable to XML bombs. | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected index 54948a2d17f..400288d7ea2 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected @@ -162,15 +162,15 @@ nodes | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | subpaths #select -| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | This | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | This | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | This | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | This NoSQL query contains an unsanitized $@. | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py b/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py index ea421dbfc54..db04548eaa0 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py @@ -5,12 +5,12 @@ def callback(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("bar"). foo.bar(callback) #$ def=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("bar").getReturn() -def callback2(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("c").getParameter(0) - x.baz2() #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("c").getParameter(0).getMember("baz2").getReturn() +def callback2(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0) + x.baz2() #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0).getMember("baz2").getReturn() mydict = { - "c": callback2, #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("c") - "other": "whatever" #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("other") + "c": callback2, #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() + "other": "whatever" #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() } foo.baz(mydict) #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("baz").getReturn() @@ -34,11 +34,11 @@ otherDict.fourth = callback4 foo.quack(otherDict.fourth) #$ def=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("quack").getReturn() -def namedCallback(myName, otherName): - # Using named parameters: +def namedCallback(myName, otherName): + # Using named parameters: myName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("myName").getReturn() otherName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("otherName").getReturn() - # Using numbered parameters: + # Using numbered parameters: myName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(0).getReturn() otherName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(1).getReturn() @@ -58,4 +58,4 @@ recursiveDict.callback = recusisionCallback; recursiveDict.rec1 = recursiveDict; recursiveDict.rec2 = recursiveDict; -foo.rec(recursiveDict); #$ def=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0) \ No newline at end of file +foo.rec(recursiveDict); #$ def=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0) diff --git a/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.expected b/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.expected new file mode 100644 index 00000000000..d65fecd1e69 --- /dev/null +++ b/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.expected @@ -0,0 +1,6 @@ +| test_subscript.py:4:11:4:28 | Use moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | +| test_subscript.py:5:26:5:27 | Def moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | +| test_subscript.py:6:5:6:22 | Use moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | +| test_subscript.py:6:5:6:28 | Def moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | +| test_subscript.py:7:5:7:22 | Use moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | +| test_subscript.py:7:5:7:28 | Def moduleImport("mypkg").getMember("foo").getReturn().getASubscript() | diff --git a/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.ql b/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.ql new file mode 100644 index 00000000000..fc15486efed --- /dev/null +++ b/python/ql/test/library-tests/ApiGraphs/py3/getSubscript.ql @@ -0,0 +1,4 @@ +import python +import semmle.python.ApiGraphs + +select API::moduleImport("mypkg").getMember("foo").getReturn().getSubscript(["bar", "baz", "qux"]) diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py b/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py new file mode 100644 index 00000000000..c4d3c655983 --- /dev/null +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py @@ -0,0 +1,8 @@ +import mypkg + +def test_subscript(): + bar = mypkg.foo()["bar"] #$ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["baz"] = 42 #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["qux"] += 42 #$ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["qux"] += 42 #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()[mypkg.index] = mypkg.value #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() diff --git a/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/cx_Oracle/pep249.py b/python/ql/test/library-tests/frameworks/cx_Oracle/pep249.py new file mode 100644 index 00000000000..6ffd9786335 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/cx_Oracle/pep249.py @@ -0,0 +1,6 @@ +import cx_Oracle +connection = cx_Oracle.connect(user="hr", password="pwd", + dsn="dbhost.example.com/orclpdb1") + +cursor = connection.cursor() +cursor.execute("some sql") # $ getSql="some sql" diff --git a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected index bbcf58067be..dc055e4a08f 100644 --- a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected +++ b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected @@ -94,8 +94,8 @@ nodes | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | subpaths #select -| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value | -| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value | -| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value | -| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | a user-provided value | -| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | a user-provided value | +| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value | +| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value | +| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value | +| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | user-provided value | +| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | user-provided value | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected index 4f88ba7b4e1..3c432f49458 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected @@ -30,7 +30,7 @@ subpaths #select | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (naive): test_simple | | test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (naive): test_alias | -| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_accross_functions | +| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_across_functions | | test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested | | test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (naive): test_pass_bound_method | | test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested_bound_method | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected index 9fee0cc2941..e3f2a30c96a 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected @@ -70,7 +70,7 @@ subpaths #select | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (proper): test_simple | | test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (proper): test_alias | -| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_accross_functions | +| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_across_functions | | test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested | | test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (proper): test_pass_bound_method | | test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested_bound_method | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/test.py b/python/ql/test/library-tests/frameworks/modeling-example/test.py index 6fe7bb3fcad..50b82df7068 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/test.py +++ b/python/ql/test/library-tests/frameworks/modeling-example/test.py @@ -41,7 +41,7 @@ def sink_func(arg): sink(val) -def test_accross_functions(): +def test_across_functions(): src = source() sink_func(src) diff --git a/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/oracledb/pep249.py b/python/ql/test/library-tests/frameworks/oracledb/pep249.py new file mode 100644 index 00000000000..ebf6c6e5a13 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/oracledb/pep249.py @@ -0,0 +1,5 @@ +import oracledb + +connection = oracledb.connect(user="username", password="password", dsn="connectstring") +cursor = connection.cursor() +cursor.execute("some sql") # $ getSql="some sql" diff --git a/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/phoenixdb/pep249.py b/python/ql/test/library-tests/frameworks/phoenixdb/pep249.py new file mode 100644 index 00000000000..0021eb282d2 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/phoenixdb/pep249.py @@ -0,0 +1,8 @@ +import phoenixdb +import phoenixdb.cursor + +database_url = 'http://localhost:8765/' +conn = phoenixdb.connect(database_url, autocommit=True) + +cursor = conn.cursor() +cursor.execute("some sql") # $ getSql="some sql" diff --git a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/pymssql/pep249.py b/python/ql/test/library-tests/frameworks/pymssql/pep249.py new file mode 100644 index 00000000000..2ecd00ad464 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/pymssql/pep249.py @@ -0,0 +1,6 @@ +import pymssql +connection = pymssql.connect(host="localhost", user="user", password="passwd") + +cursor = connection.cursor() +cursor.execute("some sql", (42,)) # $ getSql="some sql" +cursor.executemany("some sql", [(42,)]) # $ getSql="some sql" diff --git a/python/ql/test/library-tests/frameworks/pymysql/pep249.py b/python/ql/test/library-tests/frameworks/pymysql/pep249.py index 363e55f1fc3..1f9352875c5 100644 --- a/python/ql/test/library-tests/frameworks/pymysql/pep249.py +++ b/python/ql/test/library-tests/frameworks/pymysql/pep249.py @@ -3,3 +3,4 @@ connection = pymysql.connect(host="localhost", user="user", password="passwd") cursor = connection.cursor() cursor.execute("some sql", (42,)) # $ getSql="some sql" +cursor.executemany("some sql", [(42,)]) # $ getSql="some sql" diff --git a/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.ql new file mode 100644 index 00000000000..b557a0bccb6 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.ql @@ -0,0 +1,2 @@ +import python +import experimental.meta.ConceptsTest diff --git a/python/ql/test/library-tests/frameworks/pyodbc/pep249.py b/python/ql/test/library-tests/frameworks/pyodbc/pep249.py new file mode 100644 index 00000000000..64b9042136f --- /dev/null +++ b/python/ql/test/library-tests/frameworks/pyodbc/pep249.py @@ -0,0 +1,6 @@ +import pyodbc + +cnxn = pyodbc.connect('DSN=test;PWD=password') + +cursor = cnxn.cursor() +cursor.execute("some sql") # $ getSql="some sql" diff --git a/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected b/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected index ae922ef5264..caad71a9a31 100644 --- a/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected +++ b/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected @@ -1 +1 @@ -| subclass_shadowing.py:10:5:10:21 | FunctionExpr | Method shadow is shadowed by $@ in super class 'Base'. | subclass_shadowing.py:6:9:6:23 | AssignStmt | an attribute | +| subclass_shadowing.py:10:5:10:21 | FunctionExpr | Method shadow is shadowed by an $@ in super class 'Base'. | subclass_shadowing.py:6:9:6:23 | AssignStmt | attribute | diff --git a/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected b/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected index 1aebf13f2bc..6ea6b538a23 100644 --- a/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected +++ b/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected @@ -1,4 +1,4 @@ -| undefined_attribute.py:27:16:27:29 | Attribute | Attribute 'may_exist' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:11:9:11:22 | Attribute | here | -| undefined_attribute.py:184:16:184:32 | Attribute | Attribute 'return_queue' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:181:13:181:29 | Attribute | here | -| undefined_attribute.py:257:16:257:31 | Attribute | Attribute 'glance_host' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:262:13:262:28 | Attribute | here | -| undefined_attribute.py:258:16:258:31 | Attribute | Attribute 'glance_port' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:263:10:263:25 | Attribute | here | +| undefined_attribute.py:27:16:27:29 | Attribute | Attribute 'may_exist' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:11:9:11:22 | Attribute | here | +| undefined_attribute.py:184:16:184:32 | Attribute | Attribute 'return_queue' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:181:13:181:29 | Attribute | here | +| undefined_attribute.py:257:16:257:31 | Attribute | Attribute 'glance_host' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:262:13:262:28 | Attribute | here | +| undefined_attribute.py:258:16:258:31 | Attribute | Attribute 'glance_port' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:263:10:263:25 | Attribute | here | diff --git a/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected b/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected index deb82710cf5..3f62e1c256c 100644 --- a/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected +++ b/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected @@ -1,4 +1,4 @@ -| undefined_attribute.py:24:16:24:30 | Attribute | Attribute 'not_exists' is not defined in either the class body or in any method | -| undefined_attribute.py:109:16:109:21 | Attribute | Attribute 'y' is not defined in either the class body or in any method | -| undefined_attribute.py:250:16:250:31 | Attribute | Attribute 'glance_host' is not defined in either the class body or in any method | -| undefined_attribute.py:251:16:251:31 | Attribute | Attribute 'glance_port' is not defined in either the class body or in any method | +| undefined_attribute.py:24:16:24:30 | Attribute | Attribute 'not_exists' is not defined in either the class body or in any method. | +| undefined_attribute.py:109:16:109:21 | Attribute | Attribute 'y' is not defined in either the class body or in any method. | +| undefined_attribute.py:250:16:250:31 | Attribute | Attribute 'glance_host' is not defined in either the class body or in any method. | +| undefined_attribute.py:251:16:251:31 | Attribute | Attribute 'glance_port' is not defined in either the class body or in any method. | diff --git a/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected b/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected index f2f9a79a657..a0b6ebbfef6 100644 --- a/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected +++ b/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected @@ -1,10 +1,10 @@ -| test.py:6:8:6:13 | Compare | Test is always true, because of $@ | test.py:4:8:4:12 | Compare | this condition | -| test.py:8:8:8:13 | Compare | Test is always true, because of $@ | test.py:4:17:4:21 | Compare | this condition | -| test.py:13:16:13:22 | Compare | Test is always false, because of $@ | test.py:11:12:11:17 | Compare | this condition | -| test.py:15:14:15:18 | Compare | Test is always true, because of $@ | test.py:11:12:11:17 | Compare | this condition | -| test.py:27:8:27:13 | Compare | Test is always true, because of $@ | test.py:25:8:25:12 | Compare | this condition | -| test.py:30:12:30:18 | Compare | Test is always false, because of $@ | test.py:25:17:25:23 | Compare | this condition | -| test.py:49:8:49:12 | Compare | Test is always false, because of $@ | test.py:47:8:47:50 | Compare | this condition | -| test.py:73:14:73:26 | Compare | Test is always true, because of $@ | test.py:71:8:71:19 | Compare | this condition | -| test.py:79:14:79:46 | Compare | Test is always true, because of $@ | test.py:77:8:77:19 | Compare | this condition | -| test.py:85:10:85:42 | Compare | Test is always true, because of $@ | test.py:83:8:83:19 | Compare | this condition | +| test.py:6:8:6:13 | Compare | Test is always true, because of $@. | test.py:4:8:4:12 | Compare | this condition | +| test.py:8:8:8:13 | Compare | Test is always true, because of $@. | test.py:4:17:4:21 | Compare | this condition | +| test.py:13:16:13:22 | Compare | Test is always false, because of $@. | test.py:11:12:11:17 | Compare | this condition | +| test.py:15:14:15:18 | Compare | Test is always true, because of $@. | test.py:11:12:11:17 | Compare | this condition | +| test.py:27:8:27:13 | Compare | Test is always true, because of $@. | test.py:25:8:25:12 | Compare | this condition | +| test.py:30:12:30:18 | Compare | Test is always false, because of $@. | test.py:25:17:25:23 | Compare | this condition | +| test.py:49:8:49:12 | Compare | Test is always false, because of $@. | test.py:47:8:47:50 | Compare | this condition | +| test.py:73:14:73:26 | Compare | Test is always true, because of $@. | test.py:71:8:71:19 | Compare | this condition | +| test.py:79:14:79:46 | Compare | Test is always true, because of $@. | test.py:77:8:77:19 | Compare | this condition | +| test.py:85:10:85:42 | Compare | Test is always true, because of $@. | test.py:83:8:83:19 | Compare | this condition | diff --git a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected index 71f4137f1ef..527a30c9b3f 100644 --- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected +++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected @@ -83,26 +83,26 @@ nodes | test.py:147:9:147:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l | subpaths #select -| test.py:3:5:3:5 | ControlFlowNode for l | test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | This expression mutates $@. | test.py:2:12:2:12 | ControlFlowNode for l | a default value | -| test.py:8:5:8:5 | ControlFlowNode for l | test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | This expression mutates $@. | test.py:7:11:7:11 | ControlFlowNode for l | a default value | -| test.py:13:9:13:9 | ControlFlowNode for l | test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | This expression mutates $@. | test.py:12:14:12:14 | ControlFlowNode for l | a default value | -| test.py:18:5:18:5 | ControlFlowNode for l | test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | This expression mutates $@. | test.py:17:15:17:15 | ControlFlowNode for l | a default value | -| test.py:23:5:23:5 | ControlFlowNode for l | test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | This expression mutates $@. | test.py:22:15:22:15 | ControlFlowNode for l | a default value | -| test.py:28:5:28:5 | ControlFlowNode for l | test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | This expression mutates $@. | test.py:27:12:27:12 | ControlFlowNode for l | a default value | -| test.py:39:5:39:5 | ControlFlowNode for l | test.py:43:14:43:14 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | This expression mutates $@. | test.py:43:14:43:14 | ControlFlowNode for l | a default value | -| test.py:49:5:49:5 | ControlFlowNode for l | test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | This expression mutates $@. | test.py:48:14:48:14 | ControlFlowNode for l | a default value | -| test.py:54:5:54:5 | ControlFlowNode for d | test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | This expression mutates $@. | test.py:53:10:53:10 | ControlFlowNode for d | a default value | -| test.py:59:5:59:5 | ControlFlowNode for d | test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | This expression mutates $@. | test.py:58:19:58:19 | ControlFlowNode for d | a default value | -| test.py:64:5:64:5 | ControlFlowNode for d | test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | This expression mutates $@. | test.py:63:28:63:28 | ControlFlowNode for d | a default value | -| test.py:68:5:68:5 | ControlFlowNode for d | test.py:72:19:72:19 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | This expression mutates $@. | test.py:72:19:72:19 | ControlFlowNode for d | a default value | -| test.py:78:5:78:5 | ControlFlowNode for d | test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | This expression mutates $@. | test.py:77:17:77:17 | ControlFlowNode for d | a default value | -| test.py:83:5:83:5 | ControlFlowNode for d | test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | This expression mutates $@. | test.py:82:26:82:26 | ControlFlowNode for d | a default value | -| test.py:88:5:88:5 | ControlFlowNode for d | test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | This expression mutates $@. | test.py:87:35:87:35 | ControlFlowNode for d | a default value | -| test.py:92:5:92:5 | ControlFlowNode for d | test.py:96:26:96:26 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | This expression mutates $@. | test.py:96:26:96:26 | ControlFlowNode for d | a default value | -| test.py:109:9:109:9 | ControlFlowNode for d | test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | This expression mutates $@. | test.py:108:14:108:14 | ControlFlowNode for d | a default value | -| test.py:115:5:115:5 | ControlFlowNode for d | test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | This expression mutates $@. | test.py:113:20:113:20 | ControlFlowNode for d | a default value | -| test.py:121:5:121:5 | ControlFlowNode for d | test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | This expression mutates $@. | test.py:119:29:119:29 | ControlFlowNode for d | a default value | -| test.py:128:9:128:9 | ControlFlowNode for l | test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | This expression mutates $@. | test.py:124:15:124:15 | ControlFlowNode for l | a default value | -| test.py:135:9:135:9 | ControlFlowNode for l | test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | This expression mutates $@. | test.py:131:23:131:23 | ControlFlowNode for l | a default value | -| test.py:140:9:140:9 | ControlFlowNode for l | test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | This expression mutates $@. | test.py:138:15:138:15 | ControlFlowNode for l | a default value | -| test.py:147:9:147:9 | ControlFlowNode for l | test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | This expression mutates $@. | test.py:145:23:145:23 | ControlFlowNode for l | a default value | +| test.py:3:5:3:5 | ControlFlowNode for l | test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:2:12:2:12 | ControlFlowNode for l | default value | +| test.py:8:5:8:5 | ControlFlowNode for l | test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:7:11:7:11 | ControlFlowNode for l | default value | +| test.py:13:9:13:9 | ControlFlowNode for l | test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:12:14:12:14 | ControlFlowNode for l | default value | +| test.py:18:5:18:5 | ControlFlowNode for l | test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:17:15:17:15 | ControlFlowNode for l | default value | +| test.py:23:5:23:5 | ControlFlowNode for l | test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:22:15:22:15 | ControlFlowNode for l | default value | +| test.py:28:5:28:5 | ControlFlowNode for l | test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:27:12:27:12 | ControlFlowNode for l | default value | +| test.py:39:5:39:5 | ControlFlowNode for l | test.py:43:14:43:14 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:43:14:43:14 | ControlFlowNode for l | default value | +| test.py:49:5:49:5 | ControlFlowNode for l | test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:48:14:48:14 | ControlFlowNode for l | default value | +| test.py:54:5:54:5 | ControlFlowNode for d | test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:53:10:53:10 | ControlFlowNode for d | default value | +| test.py:59:5:59:5 | ControlFlowNode for d | test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:58:19:58:19 | ControlFlowNode for d | default value | +| test.py:64:5:64:5 | ControlFlowNode for d | test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:63:28:63:28 | ControlFlowNode for d | default value | +| test.py:68:5:68:5 | ControlFlowNode for d | test.py:72:19:72:19 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:72:19:72:19 | ControlFlowNode for d | default value | +| test.py:78:5:78:5 | ControlFlowNode for d | test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:77:17:77:17 | ControlFlowNode for d | default value | +| test.py:83:5:83:5 | ControlFlowNode for d | test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:82:26:82:26 | ControlFlowNode for d | default value | +| test.py:88:5:88:5 | ControlFlowNode for d | test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:87:35:87:35 | ControlFlowNode for d | default value | +| test.py:92:5:92:5 | ControlFlowNode for d | test.py:96:26:96:26 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:96:26:96:26 | ControlFlowNode for d | default value | +| test.py:109:9:109:9 | ControlFlowNode for d | test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | This expression mutates a $@. | test.py:108:14:108:14 | ControlFlowNode for d | default value | +| test.py:115:5:115:5 | ControlFlowNode for d | test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:113:20:113:20 | ControlFlowNode for d | default value | +| test.py:121:5:121:5 | ControlFlowNode for d | test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:119:29:119:29 | ControlFlowNode for d | default value | +| test.py:128:9:128:9 | ControlFlowNode for l | test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:124:15:124:15 | ControlFlowNode for l | default value | +| test.py:135:9:135:9 | ControlFlowNode for l | test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:131:23:131:23 | ControlFlowNode for l | default value | +| test.py:140:9:140:9 | ControlFlowNode for l | test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:138:15:138:15 | ControlFlowNode for l | default value | +| test.py:147:9:147:9 | ControlFlowNode for l | test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:145:23:145:23 | ControlFlowNode for l | default value | diff --git a/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected b/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected index c40120862c3..d2fa86f6f27 100644 --- a/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected +++ b/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected @@ -1,3 +1,3 @@ -| functions_test.py:99:5:99:40 | Function DeprecatedSliceMethods.__getslice__ | __getslice__ method has been deprecated since Python 2.0 | -| functions_test.py:102:5:102:47 | Function DeprecatedSliceMethods.__setslice__ | __setslice__ method has been deprecated since Python 2.0 | -| functions_test.py:105:5:105:40 | Function DeprecatedSliceMethods.__delslice__ | __delslice__ method has been deprecated since Python 2.0 | +| functions_test.py:99:5:99:40 | Function DeprecatedSliceMethods.__getslice__ | __getslice__ method has been deprecated since Python 2.0. | +| functions_test.py:102:5:102:47 | Function DeprecatedSliceMethods.__setslice__ | __setslice__ method has been deprecated since Python 2.0. | +| functions_test.py:105:5:105:40 | Function DeprecatedSliceMethods.__delslice__ | __delslice__ method has been deprecated since Python 2.0. | diff --git a/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected b/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected index a2eff0d757f..02111ef0e5e 100644 --- a/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected +++ b/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected @@ -34,11 +34,11 @@ nodes | functions_test.py:196:28:196:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | subpaths #select -| functions_test.py:40:5:40:5 | ControlFlowNode for x | functions_test.py:39:9:39:9 | ControlFlowNode for x | functions_test.py:40:5:40:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:39:9:39:9 | ControlFlowNode for x | a default value | -| functions_test.py:134:5:134:5 | ControlFlowNode for x | functions_test.py:133:15:133:15 | ControlFlowNode for x | functions_test.py:134:5:134:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:133:15:133:15 | ControlFlowNode for x | a default value | -| functions_test.py:152:5:152:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:152:5:152:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | a default value | -| functions_test.py:155:5:155:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:155:5:155:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | a default value | -| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | a default value | -| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | a default value | -| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | a default value | -| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | a default value | +| functions_test.py:40:5:40:5 | ControlFlowNode for x | functions_test.py:39:9:39:9 | ControlFlowNode for x | functions_test.py:40:5:40:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:39:9:39:9 | ControlFlowNode for x | default value | +| functions_test.py:134:5:134:5 | ControlFlowNode for x | functions_test.py:133:15:133:15 | ControlFlowNode for x | functions_test.py:134:5:134:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:133:15:133:15 | ControlFlowNode for x | default value | +| functions_test.py:152:5:152:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:152:5:152:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | default value | +| functions_test.py:155:5:155:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:155:5:155:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | default value | +| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | default value | +| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | default value | +| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | default value | +| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | default value | diff --git a/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected b/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected index 54a74971d37..ca99ca1ae9c 100644 --- a/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected +++ b/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected @@ -1,2 +1,2 @@ -| functions_test.py:77:9:77:20 | do_nothing() | The result of '$@' is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing | -| functions_test.py:234:16:234:27 | do_nothing() | The result of '$@' is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing | +| functions_test.py:77:9:77:20 | do_nothing() | The result of $@ is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing | +| functions_test.py:234:16:234:27 | do_nothing() | The result of $@ is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing | diff --git a/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected b/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected index 620a54a4973..a9e372efb21 100644 --- a/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected +++ b/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected @@ -1,2 +1,2 @@ -| imports_test.py:4:1:4:19 | Import | Module 'test_module2' is imported with both 'import' and 'import from' | -| pkg_notok/__init__.py:4:1:4:16 | Import | Module 'pkg_notok' is imported with both 'import' and 'import from' | +| imports_test.py:4:1:4:19 | Import | Module 'test_module2' is imported with both 'import' and 'import from'. | +| pkg_notok/__init__.py:4:1:4:16 | Import | Module 'pkg_notok' is imported with both 'import' and 'import from'. | diff --git a/python/ql/test/query-tests/Imports/general/ImportShadowedByLoopVar.expected b/python/ql/test/query-tests/Imports/general/ImportShadowedByLoopVar.expected index 562cc12c51e..bc72acb5a01 100644 --- a/python/ql/test/query-tests/Imports/general/ImportShadowedByLoopVar.expected +++ b/python/ql/test/query-tests/Imports/general/ImportShadowedByLoopVar.expected @@ -1 +1 @@ -| imports_test.py:16:5:16:10 | module | Loop variable 'module' shadows an import | +| imports_test.py:16:5:16:10 | module | Loop variable 'module' shadows an import. | diff --git a/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected b/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected index d29bc2b9b5f..6257baddfb8 100644 --- a/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected +++ b/python/ql/test/query-tests/Imports/general/ImportStarUsed.expected @@ -1,3 +1,3 @@ -| imports_test.py:21:1:21:20 | from module import * | Using 'from ... import *' pollutes the namespace | -| imports_test.py:22:1:22:32 | from module_without_all import * | Using 'from ... import *' pollutes the namespace | -| imports_test.py:65:1:65:40 | from module_that_does_not_exist import * | Using 'from ... import *' pollutes the namespace | +| imports_test.py:21:1:21:20 | from module import * | Using 'from ... import *' pollutes the namespace. | +| imports_test.py:22:1:22:32 | from module_without_all import * | Using 'from ... import *' pollutes the namespace. | +| imports_test.py:65:1:65:40 | from module_that_does_not_exist import * | Using 'from ... import *' pollutes the namespace. | diff --git a/python/ql/test/query-tests/Numerics/Pythagorean.expected b/python/ql/test/query-tests/Numerics/Pythagorean.expected index 2f5ef6ff562..a289983af53 100644 --- a/python/ql/test/query-tests/Numerics/Pythagorean.expected +++ b/python/ql/test/query-tests/Numerics/Pythagorean.expected @@ -1,3 +1,3 @@ -| pythagorean_test.py:6:12:6:28 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics | -| pythagorean_test.py:9:12:9:26 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics | -| pythagorean_test.py:14:12:14:24 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics | +| pythagorean_test.py:6:12:6:28 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics. | +| pythagorean_test.py:9:12:9:26 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics. | +| pythagorean_test.py:14:12:14:24 | ControlFlowNode for sqrt() | Pythagorean calculation with sub-optimal numerics. | diff --git a/python/ql/test/query-tests/Security/CWE-020-IncompleteUrlSubstringSanitization/IncompleteUrlSubstringSanitization.expected b/python/ql/test/query-tests/Security/CWE-020-IncompleteUrlSubstringSanitization/IncompleteUrlSubstringSanitization.expected index 4b2ba67ecda..3a70e1df2c2 100644 --- a/python/ql/test/query-tests/Security/CWE-020-IncompleteUrlSubstringSanitization/IncompleteUrlSubstringSanitization.expected +++ b/python/ql/test/query-tests/Security/CWE-020-IncompleteUrlSubstringSanitization/IncompleteUrlSubstringSanitization.expected @@ -1,2 +1,2 @@ -| urltest.py:9:8:9:30 | Compare | '$@' may be at an arbitrary position in the sanitized URL. | urltest.py:9:8:9:20 | Str | example.com | -| urltest.py:15:8:15:37 | Attribute() | '$@' may be at an arbitrary position in the sanitized URL. | urltest.py:15:24:15:36 | Str | example.com | +| urltest.py:9:8:9:30 | Compare | The string $@ may be at an arbitrary position in the sanitized URL. | urltest.py:9:8:9:20 | Str | example.com | +| urltest.py:15:8:15:37 | Attribute() | The string $@ may be at an arbitrary position in the sanitized URL. | urltest.py:15:24:15:36 | Str | example.com | diff --git a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected index 64fe441dc64..4d92275ff36 100644 --- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected @@ -150,21 +150,21 @@ subpaths | test.py:25:19:25:19 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | test.py:25:9:25:20 | ControlFlowNode for normalize() | | test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | test.py:48:13:48:24 | ControlFlowNode for normalize() | #select -| flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | This path depends on $@. | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:21:14:21:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:21:14:21:18 | ControlFlowNode for npath | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:31:14:31:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:31:14:31:18 | ControlFlowNode for npath | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:48:14:48:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:48:14:48:18 | ControlFlowNode for npath | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:65:14:65:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:65:14:65:18 | ControlFlowNode for npath | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:94:14:94:17 | ControlFlowNode for path | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:94:14:94:17 | ControlFlowNode for path | This path depends on $@. | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | a user-provided value | -| path_injection.py:102:14:102:17 | ControlFlowNode for path | path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:102:14:102:17 | ControlFlowNode for path | This path depends on $@. | path_injection.py:98:20:98:22 | ControlFlowNode for foo | a user-provided value | -| path_injection.py:113:14:113:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:113:14:113:17 | ControlFlowNode for path | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:124:14:124:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:124:14:124:17 | ControlFlowNode for path | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:142:14:142:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:142:14:142:17 | ControlFlowNode for path | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| path_injection.py:152:18:152:21 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:152:18:152:21 | ControlFlowNode for path | This path depends on $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:19:10:19:10 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:19:10:19:10 | ControlFlowNode for x | This path depends on $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:26:10:26:10 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:26:10:26:10 | ControlFlowNode for y | This path depends on $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:33:14:33:14 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:33:14:33:14 | ControlFlowNode for x | This path depends on $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:49:14:49:14 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:49:14:49:14 | ControlFlowNode for y | This path depends on $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | a user-provided value | +| flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | This path depends on a $@. | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:21:14:21:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:21:14:21:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:31:14:31:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:31:14:31:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:48:14:48:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:48:14:48:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:65:14:65:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:65:14:65:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:94:14:94:17 | ControlFlowNode for path | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:94:14:94:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | user-provided value | +| path_injection.py:102:14:102:17 | ControlFlowNode for path | path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:102:14:102:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:98:20:98:22 | ControlFlowNode for foo | user-provided value | +| path_injection.py:113:14:113:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:113:14:113:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:124:14:124:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:124:14:124:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:142:14:142:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:142:14:142:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| path_injection.py:152:18:152:21 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:152:18:152:21 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:19:10:19:10 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:19:10:19:10 | ControlFlowNode for x | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:26:10:26:10 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:26:10:26:10 | ControlFlowNode for y | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:33:14:33:14 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:33:14:33:14 | ControlFlowNode for x | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:49:14:49:14 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:49:14:49:14 | ControlFlowNode for y | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected b/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected index 15d62252945..d10399cc7ca 100644 --- a/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected +++ b/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected @@ -23,8 +23,8 @@ nodes | tarslip.py:61:21:61:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | subpaths #select -| tarslip.py:15:1:15:3 | ControlFlowNode for tar | tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | tarslip.py:15:1:15:3 | ControlFlowNode for tar | This file extraction depends on $@ | tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | a potentially untrusted source | -| tarslip.py:20:17:20:21 | ControlFlowNode for entry | tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | tarslip.py:20:17:20:21 | ControlFlowNode for entry | This file extraction depends on $@ | tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | a potentially untrusted source | -| tarslip.py:39:17:39:21 | ControlFlowNode for entry | tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | tarslip.py:39:17:39:21 | ControlFlowNode for entry | This file extraction depends on $@ | tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | a potentially untrusted source | -| tarslip.py:43:24:43:26 | ControlFlowNode for tar | tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | tarslip.py:43:24:43:26 | ControlFlowNode for tar | This file extraction depends on $@ | tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | a potentially untrusted source | -| tarslip.py:61:21:61:25 | ControlFlowNode for entry | tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | tarslip.py:61:21:61:25 | ControlFlowNode for entry | This file extraction depends on $@ | tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | a potentially untrusted source | +| tarslip.py:15:1:15:3 | ControlFlowNode for tar | tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | tarslip.py:15:1:15:3 | ControlFlowNode for tar | This file extraction depends on a $@. | tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | potentially untrusted source | +| tarslip.py:20:17:20:21 | ControlFlowNode for entry | tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | tarslip.py:20:17:20:21 | ControlFlowNode for entry | This file extraction depends on a $@. | tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | potentially untrusted source | +| tarslip.py:39:17:39:21 | ControlFlowNode for entry | tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | tarslip.py:39:17:39:21 | ControlFlowNode for entry | This file extraction depends on a $@. | tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | potentially untrusted source | +| tarslip.py:43:24:43:26 | ControlFlowNode for tar | tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | tarslip.py:43:24:43:26 | ControlFlowNode for tar | This file extraction depends on a $@. | tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | potentially untrusted source | +| tarslip.py:61:21:61:25 | ControlFlowNode for entry | tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | tarslip.py:61:21:61:25 | ControlFlowNode for entry | This file extraction depends on a $@. | tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | potentially untrusted source | diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected index c86a2a28688..81ae4e63c2f 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected @@ -29,12 +29,12 @@ nodes | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | subpaths #select -| command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | +| command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected index 71b8d19b2cd..a203a43374d 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected @@ -65,16 +65,16 @@ nodes | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | subpaths #select -| command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:26:23:26:25 | ControlFlowNode for cmd | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:41:15:41:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:41:15:41:21 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:42:15:42:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:42:15:42:21 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:55:15:55:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:55:15:55:21 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:56:14:56:20 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:56:14:56:20 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:57:21:57:27 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:57:21:57:27 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:58:27:58:33 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:58:27:58:33 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:59:20:59:26 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:59:20:59:26 | ControlFlowNode for command | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | -| command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | This command line depends on $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | a user-provided value | +| command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:26:23:26:25 | ControlFlowNode for cmd | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:41:15:41:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:41:15:41:21 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:42:15:42:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:42:15:42:21 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:55:15:55:21 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:55:15:55:21 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:56:14:56:20 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:56:14:56:20 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:57:21:57:27 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:57:21:57:27 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:58:27:58:33 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:58:27:58:33 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:59:20:59:26 | ControlFlowNode for command | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:59:20:59:26 | ControlFlowNode for command | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | +| command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | This command line depends on a $@. | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected index 5dc0fc3e5d7..dfdbce34124 100644 --- a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected +++ b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected @@ -25,6 +25,6 @@ nodes | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | subpaths #select -| reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | Cross-site scripting vulnerability due to $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | +| reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected b/python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected index ed4c3e3d313..46379fcbbc4 100644 --- a/python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected @@ -36,19 +36,19 @@ nodes | sqlalchemy_textclause.py:51:24:51:31 | ControlFlowNode for username | semmle.label | ControlFlowNode for username | subpaths #select -| sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | This SQL query depends on $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | a user-provided value | -| sql_injection.py:24:38:24:95 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:24:38:24:95 | ControlFlowNode for BinaryExpr | This SQL query depends on $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | a user-provided value | -| sql_injection.py:25:26:25:83 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:25:26:25:83 | ControlFlowNode for BinaryExpr | This SQL query depends on $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | a user-provided value | -| sql_injection.py:26:28:26:85 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:26:28:26:85 | ControlFlowNode for BinaryExpr | This SQL query depends on $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:27:28:27:87 | ControlFlowNode for Attribute() | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:27:28:27:87 | ControlFlowNode for Attribute() | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:31:50:31:72 | ControlFlowNode for Attribute() | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:31:50:31:72 | ControlFlowNode for Attribute() | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:41:26:41:33 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:41:26:41:33 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:42:31:42:38 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:42:31:42:38 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:43:30:43:37 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:43:30:43:37 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:44:35:44:42 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:44:35:44:42 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:45:41:45:48 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:45:41:45:48 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:46:46:46:53 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:46:46:46:53 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:47:47:47:54 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:47:47:47:54 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:48:52:48:59 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:48:52:48:59 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:50:18:50:25 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:50:18:50:25 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | -| sqlalchemy_textclause.py:51:24:51:31 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:51:24:51:31 | ControlFlowNode for username | This SQL query depends on $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | a user-provided value | +| sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | This SQL query depends on a $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | user-provided value | +| sql_injection.py:24:38:24:95 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:24:38:24:95 | ControlFlowNode for BinaryExpr | This SQL query depends on a $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | user-provided value | +| sql_injection.py:25:26:25:83 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:25:26:25:83 | ControlFlowNode for BinaryExpr | This SQL query depends on a $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | user-provided value | +| sql_injection.py:26:28:26:85 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:26:28:26:85 | ControlFlowNode for BinaryExpr | This SQL query depends on a $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:27:28:27:87 | ControlFlowNode for Attribute() | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:27:28:27:87 | ControlFlowNode for Attribute() | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:31:50:31:72 | ControlFlowNode for Attribute() | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:31:50:31:72 | ControlFlowNode for Attribute() | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:41:26:41:33 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:41:26:41:33 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:42:31:42:38 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:42:31:42:38 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:43:30:43:37 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:43:30:43:37 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:44:35:44:42 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:44:35:44:42 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:45:41:45:48 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:45:41:45:48 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:46:46:46:53 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:46:46:46:53 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:47:47:47:54 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:47:47:47:54 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:48:52:48:59 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:48:52:48:59 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:50:18:50:25 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:50:18:50:25 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | +| sqlalchemy_textclause.py:51:24:51:31 | ControlFlowNode for username | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | sqlalchemy_textclause.py:51:24:51:31 | ControlFlowNode for username | This SQL query depends on a $@. | sqlalchemy_textclause.py:23:15:23:22 | ControlFlowNode for username | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected index 53fd7478f44..6b71a42cd5e 100644 --- a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected @@ -117,13 +117,13 @@ nodes | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | subpaths #select -| ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | $@ depends on $@. | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | LDAP query parameter (DN) | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | $@ depends on $@. | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | LDAP query parameter (filter) | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | $@ depends on $@. | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | LDAP query parameter (DN) | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | $@ depends on $@. | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | LDAP query parameter (filter) | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | $@ depends on $@. | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | LDAP query parameter (DN) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | $@ depends on $@. | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | LDAP query parameter (filter) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | $@ depends on $@. | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | LDAP query parameter (DN) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | $@ depends on $@. | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | LDAP query parameter (filter) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | $@ depends on $@. | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | LDAP query parameter (DN) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | $@ depends on $@. | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | LDAP query parameter (filter) | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | +| ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | LDAP query parameter (DN) depends on a $@. | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | LDAP query parameter (filter) depends on a $@. | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | LDAP query parameter (DN) depends on a $@. | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | LDAP query parameter (filter) depends on a $@. | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | LDAP query parameter (DN) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | LDAP query parameter (filter) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | LDAP query parameter (DN) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | LDAP query parameter (filter) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | LDAP query parameter (DN) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | LDAP query parameter (filter) depends on a $@. | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected index a1911a6331e..68cc9d9916a 100644 --- a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected @@ -23,7 +23,7 @@ nodes | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name | subpaths #select -| code_injection.py:7:10:7:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:7:10:7:13 | ControlFlowNode for code | This code execution depends on $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| code_injection.py:8:10:8:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:8:10:8:13 | ControlFlowNode for code | This code execution depends on $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | This code execution depends on $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | This code execution depends on $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | +| code_injection.py:7:10:7:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:7:10:7:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| code_injection.py:8:10:8:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:8:10:8:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected index d4138316fc2..561c898a928 100644 --- a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected @@ -31,7 +31,7 @@ nodes | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | subpaths #select -| LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | This log entry depends on $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | a user-provided value | -| LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | This log entry depends on $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | a user-provided value | -| LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | This log entry depends on $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | a user-provided value | -| LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | This log entry depends on $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | a user-provided value | +| LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | This log entry depends on a $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | +| LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | This log entry depends on a $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | +| LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | This log entry depends on a $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | +| LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | This log entry depends on a $@. | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected b/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected index f81eda034dc..c4c3ad6801f 100644 --- a/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected +++ b/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected @@ -1,6 +1,6 @@ -| make_request.py:5:1:5:48 | ControlFlowNode for Attribute() | This request may run without certificate validation because it is $@. | make_request.py:5:43:5:47 | ControlFlowNode for False | disabled here | make_request.py:5:43:5:47 | ControlFlowNode for False | here | -| make_request.py:7:1:7:49 | ControlFlowNode for Attribute() | This request may run without certificate validation because it is $@. | make_request.py:7:44:7:48 | ControlFlowNode for False | disabled here | make_request.py:7:44:7:48 | ControlFlowNode for False | here | -| make_request.py:12:1:12:39 | ControlFlowNode for put() | This request may run without certificate validation because it is $@. | make_request.py:12:34:12:38 | ControlFlowNode for False | disabled here | make_request.py:12:34:12:38 | ControlFlowNode for False | here | -| make_request.py:28:5:28:46 | ControlFlowNode for patch() | This request may run without certificate validation because it is $@ by the value from $@. | make_request.py:28:40:28:45 | ControlFlowNode for verify | disabled here | make_request.py:30:6:30:10 | ControlFlowNode for False | here | -| make_request.py:34:1:34:45 | ControlFlowNode for Attribute() | This request may run without certificate validation because it is $@. | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | disabled here | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | here | -| make_request.py:41:1:41:26 | ControlFlowNode for Attribute() | This request may run without certificate validation because it is $@. | make_request.py:41:21:41:25 | ControlFlowNode for False | disabled here | make_request.py:41:21:41:25 | ControlFlowNode for False | here | +| make_request.py:5:1:5:48 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:5:43:5:47 | ControlFlowNode for False | it is disabled | make_request.py:5:43:5:47 | ControlFlowNode for False | this value | +| make_request.py:7:1:7:49 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:7:44:7:48 | ControlFlowNode for False | it is disabled | make_request.py:7:44:7:48 | ControlFlowNode for False | this value | +| make_request.py:12:1:12:39 | ControlFlowNode for put() | This request may run without certificate validation because $@. | make_request.py:12:34:12:38 | ControlFlowNode for False | it is disabled | make_request.py:12:34:12:38 | ControlFlowNode for False | this value | +| make_request.py:28:5:28:46 | ControlFlowNode for patch() | This request may run without certificate validation because $@ by $@. | make_request.py:28:40:28:45 | ControlFlowNode for verify | it is disabled | make_request.py:30:6:30:10 | ControlFlowNode for False | this value | +| make_request.py:34:1:34:45 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | it is disabled | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | this value | +| make_request.py:41:1:41:26 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:41:21:41:25 | ControlFlowNode for False | it is disabled | make_request.py:41:21:41:25 | ControlFlowNode for False | this value | diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected index f5fb2ac8dfb..e9b5ac67585 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected @@ -22,13 +22,13 @@ nodes | test.py:69:11:69:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | subpaths #select -| test.py:20:48:20:55 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:20:48:20:55 | ControlFlowNode for password | $@ is logged here. | test.py:19:16:19:29 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:22:58:22:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:22:58:22:65 | ControlFlowNode for password | $@ is logged here. | test.py:19:16:19:29 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:23:58:23:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:23:58:23:65 | ControlFlowNode for password | $@ is logged here. | test.py:19:16:19:29 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:27:40:27:47 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:27:40:27:47 | ControlFlowNode for password | $@ is logged here. | test.py:19:16:19:29 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:30:58:30:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:30:58:30:65 | ControlFlowNode for password | $@ is logged here. | test.py:19:16:19:29 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:34:30:34:39 | ControlFlowNode for get_cert() | test.py:34:30:34:39 | ControlFlowNode for get_cert() | test.py:34:30:34:39 | ControlFlowNode for get_cert() | $@ is logged here. | test.py:34:30:34:39 | ControlFlowNode for get_cert() | Sensitive data (certificate) | -| test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | $@ is logged here. | test.py:37:11:37:24 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | $@ is logged here. | test.py:39:22:39:35 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | $@ is logged here. | test.py:40:22:40:35 | ControlFlowNode for get_password() | Sensitive data (password) | -| test.py:69:11:69:31 | ControlFlowNode for Subscript | test.py:67:21:67:37 | ControlFlowNode for Attribute | test.py:69:11:69:31 | ControlFlowNode for Subscript | $@ is logged here. | test.py:67:21:67:37 | ControlFlowNode for Attribute | Sensitive data (password) | +| test.py:20:48:20:55 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:20:48:20:55 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:22:58:22:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:22:58:22:65 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:23:58:23:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:23:58:23:65 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:27:40:27:47 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:27:40:27:47 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:30:58:30:65 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:30:58:30:65 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:34:30:34:39 | ControlFlowNode for get_cert() | test.py:34:30:34:39 | ControlFlowNode for get_cert() | test.py:34:30:34:39 | ControlFlowNode for get_cert() | This expression logs $@ as clear text. | test.py:34:30:34:39 | ControlFlowNode for get_cert() | sensitive data (certificate) | +| test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:37:11:37:24 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:39:22:39:35 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:40:22:40:35 | ControlFlowNode for get_password() | sensitive data (password) | +| test.py:69:11:69:31 | ControlFlowNode for Subscript | test.py:67:21:67:37 | ControlFlowNode for Attribute | test.py:69:11:69:31 | ControlFlowNode for Subscript | This expression logs $@ as clear text. | test.py:67:21:67:37 | ControlFlowNode for Attribute | sensitive data (password) | diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected index ea3b3cb4c2a..f2b0894ec0a 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected @@ -9,6 +9,6 @@ nodes | test.py:15:26:15:29 | ControlFlowNode for cert | semmle.label | ControlFlowNode for cert | subpaths #select -| test.py:12:21:12:24 | ControlFlowNode for cert | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:12:21:12:24 | ControlFlowNode for cert | $@ is stored here. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | Sensitive data (certificate) | -| test.py:13:22:13:41 | ControlFlowNode for Attribute() | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:13:22:13:41 | ControlFlowNode for Attribute() | $@ is stored here. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | Sensitive data (certificate) | -| test.py:15:26:15:29 | ControlFlowNode for cert | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:15:26:15:29 | ControlFlowNode for cert | $@ is stored here. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | Sensitive data (certificate) | +| test.py:12:21:12:24 | ControlFlowNode for cert | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:12:21:12:24 | ControlFlowNode for cert | This expression stores $@ as clear text. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | sensitive data (certificate) | +| test.py:13:22:13:41 | ControlFlowNode for Attribute() | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:13:22:13:41 | ControlFlowNode for Attribute() | This expression stores $@ as clear text. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | sensitive data (certificate) | +| test.py:15:26:15:29 | ControlFlowNode for cert | test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:15:26:15:29 | ControlFlowNode for cert | This expression stores $@ as clear text. | test.py:9:12:9:21 | ControlFlowNode for get_cert() | sensitive data (certificate) | diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected index 518935eb677..158afa2acc8 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected @@ -15,7 +15,7 @@ nodes | test.py:10:25:10:29 | ControlFlowNode for lines | semmle.label | ControlFlowNode for lines | subpaths #select -| password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | $@ is stored here. | password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | Sensitive data (password) | -| password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | $@ is stored here. | password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | Sensitive data (password) | -| test.py:8:20:8:23 | ControlFlowNode for cert | test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:8:20:8:23 | ControlFlowNode for cert | $@ is stored here. | test.py:6:12:6:21 | ControlFlowNode for get_cert() | Sensitive data (certificate) | -| test.py:10:25:10:29 | ControlFlowNode for lines | test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:10:25:10:29 | ControlFlowNode for lines | $@ is stored here. | test.py:6:12:6:21 | ControlFlowNode for get_cert() | Sensitive data (certificate) | +| password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | This expression stores $@ as clear text. | password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | sensitive data (password) | +| password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | This expression stores $@ as clear text. | password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | sensitive data (password) | +| test.py:8:20:8:23 | ControlFlowNode for cert | test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:8:20:8:23 | ControlFlowNode for cert | This expression stores $@ as clear text. | test.py:6:12:6:21 | ControlFlowNode for get_cert() | sensitive data (certificate) | +| test.py:10:25:10:29 | ControlFlowNode for lines | test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:10:25:10:29 | ControlFlowNode for lines | This expression stores $@ as clear text. | test.py:6:12:6:21 | ControlFlowNode for get_cert() | sensitive data (certificate) | diff --git a/python/ql/test/query-tests/Security/CWE-327-InsecureProtocol/InsecureProtocol.expected b/python/ql/test/query-tests/Security/CWE-327-InsecureProtocol/InsecureProtocol.expected index 359a8d28ba1..c08e19e5f1c 100644 --- a/python/ql/test/query-tests/Security/CWE-327-InsecureProtocol/InsecureProtocol.expected +++ b/python/ql/test/query-tests/Security/CWE-327-InsecureProtocol/InsecureProtocol.expected @@ -1,39 +1,39 @@ -| InsecureProtocol.py:6:1:6:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:6:1:6:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | -| InsecureProtocol.py:7:1:7:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3 specified by $@ | InsecureProtocol.py:7:1:7:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | -| InsecureProtocol.py:8:1:8:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1 specified by $@ | InsecureProtocol.py:8:1:8:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | -| InsecureProtocol.py:10:1:10:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:10:1:10:39 | ControlFlowNode for SSLContext() | call to SSLContext | -| InsecureProtocol.py:11:1:11:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv3 specified by $@ | InsecureProtocol.py:11:1:11:39 | ControlFlowNode for SSLContext() | call to SSLContext | -| InsecureProtocol.py:12:1:12:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version TLSv1 specified by $@ | InsecureProtocol.py:12:1:12:39 | ControlFlowNode for SSLContext() | call to SSLContext | -| InsecureProtocol.py:14:1:14:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:14:1:14:29 | ControlFlowNode for Attribute() | call to SSL.Context | -| InsecureProtocol.py:15:1:15:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3 specified by $@ | InsecureProtocol.py:15:1:15:29 | ControlFlowNode for Attribute() | call to SSL.Context | -| InsecureProtocol.py:16:1:16:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1 specified by $@ | InsecureProtocol.py:16:1:16:29 | ControlFlowNode for Attribute() | call to SSL.Context | -| InsecureProtocol.py:19:1:19:19 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:19:1:19:19 | ControlFlowNode for Attribute() | call to SSL.Context | -| InsecureProtocol.py:23:1:23:43 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:23:1:23:43 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | -| InsecureProtocol.py:24:1:24:35 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv2 specified by $@ | InsecureProtocol.py:24:1:24:35 | ControlFlowNode for SSLContext() | call to SSLContext | -| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv2 allowed by $@ | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@ | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv2 allowed by $@ | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@ | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | -| ssl_fluent.py:9:14:9:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:6:15:6:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:9:14:9:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:6:15:6:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:19:14:19:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:15:15:15:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:28:14:28:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:24:15:24:53 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:37:14:37:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:33:15:33:53 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:57:14:57:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:54:15:54:49 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:57:14:57:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:54:15:54:49 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:101:15:101:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:101:15:101:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:117:5:117:11 | ControlFlowNode for context | context modification | -| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:135:5:135:11 | ControlFlowNode for context | context modification | -| ssl_fluent.py:77:14:77:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:77:14:77:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | -| ssl_fluent.py:97:14:97:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:95:5:95:11 | ControlFlowNode for context | context modification | -| ssl_fluent.py:146:14:146:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:143:5:143:11 | ControlFlowNode for context | context modification | -| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@ | ssl_fluent.py:162:5:162:11 | ControlFlowNode for context | context modification | -| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@ | ssl_fluent.py:161:15:161:65 | ControlFlowNode for Attribute() | call to ssl.create_default_context | -| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@ | ssl_fluent.py:161:15:161:65 | ControlFlowNode for Attribute() | call to ssl.create_default_context | +| InsecureProtocol.py:6:1:6:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:6:1:6:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | +| InsecureProtocol.py:7:1:7:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3 specified by $@. | InsecureProtocol.py:7:1:7:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | +| InsecureProtocol.py:8:1:8:47 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1 specified by $@. | InsecureProtocol.py:8:1:8:47 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | +| InsecureProtocol.py:10:1:10:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:10:1:10:39 | ControlFlowNode for SSLContext() | call to SSLContext | +| InsecureProtocol.py:11:1:11:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv3 specified by $@. | InsecureProtocol.py:11:1:11:39 | ControlFlowNode for SSLContext() | call to SSLContext | +| InsecureProtocol.py:12:1:12:39 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version TLSv1 specified by $@. | InsecureProtocol.py:12:1:12:39 | ControlFlowNode for SSLContext() | call to SSLContext | +| InsecureProtocol.py:14:1:14:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:14:1:14:29 | ControlFlowNode for Attribute() | call to SSL.Context | +| InsecureProtocol.py:15:1:15:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3 specified by $@. | InsecureProtocol.py:15:1:15:29 | ControlFlowNode for Attribute() | call to SSL.Context | +| InsecureProtocol.py:16:1:16:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1 specified by $@. | InsecureProtocol.py:16:1:16:29 | ControlFlowNode for Attribute() | call to SSL.Context | +| InsecureProtocol.py:19:1:19:19 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:19:1:19:19 | ControlFlowNode for Attribute() | call to SSL.Context | +| InsecureProtocol.py:23:1:23:43 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:23:1:23:43 | ControlFlowNode for Attribute() | call to ssl.wrap_socket | +| InsecureProtocol.py:24:1:24:35 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version SSLv2 specified by $@. | InsecureProtocol.py:24:1:24:35 | ControlFlowNode for SSLContext() | call to SSLContext | +| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv2 allowed by $@. | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@. | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:8:27:8:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | pyOpenSSL_fluent.py:6:15:6:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv2 allowed by $@. | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@. | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| pyOpenSSL_fluent.py:18:27:18:33 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | pyOpenSSL_fluent.py:15:15:15:44 | ControlFlowNode for Attribute() | call to SSL.Context | +| ssl_fluent.py:9:14:9:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:6:15:6:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:9:14:9:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:6:15:6:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:19:14:19:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:15:15:15:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:28:14:28:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:24:15:24:53 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:37:14:37:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:33:15:33:53 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:57:14:57:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:54:15:54:49 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:57:14:57:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:54:15:54:49 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:101:15:101:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:101:15:101:46 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:117:5:117:11 | ControlFlowNode for context | context modification | +| ssl_fluent.py:71:14:71:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:135:5:135:11 | ControlFlowNode for context | context modification | +| ssl_fluent.py:77:14:77:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:77:14:77:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:62:12:62:43 | ControlFlowNode for Attribute() | call to ssl.SSLContext | +| ssl_fluent.py:97:14:97:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:95:5:95:11 | ControlFlowNode for context | context modification | +| ssl_fluent.py:146:14:146:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:143:5:143:11 | ControlFlowNode for context | context modification | +| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version SSLv3 allowed by $@. | ssl_fluent.py:162:5:162:11 | ControlFlowNode for context | context modification | +| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1 allowed by $@. | ssl_fluent.py:161:15:161:65 | ControlFlowNode for Attribute() | call to ssl.create_default_context | +| ssl_fluent.py:165:14:165:20 | ControlFlowNode for context | Insecure SSL/TLS protocol version TLSv1_1 allowed by $@. | ssl_fluent.py:161:15:161:65 | ControlFlowNode for Attribute() | call to ssl.create_default_context | diff --git a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected index dc536fa9e7e..80dd354c35c 100644 --- a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected +++ b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected @@ -19,7 +19,7 @@ nodes | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload | subpaths #select -| unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | Unsafe deserialization depends on $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | a user-provided value | -| unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | Unsafe deserialization depends on $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | a user-provided value | -| unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | Unsafe deserialization depends on $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | a user-provided value | -| unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | Unsafe deserialization depends on $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | a user-provided value | +| unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | Unsafe deserialization depends on a $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | user-provided value | +| unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | Unsafe deserialization depends on a $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | user-provided value | +| unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | Unsafe deserialization depends on a $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | user-provided value | +| unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | Unsafe deserialization depends on a $@. | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected index 19f96791e87..43e62be9707 100644 --- a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected +++ b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected @@ -55,11 +55,11 @@ nodes | test.py:83:21:83:26 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | subpaths #select -| test.py:8:21:8:26 | ControlFlowNode for target | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:8:21:8:26 | ControlFlowNode for target | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:32:21:32:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:32:21:32:24 | ControlFlowNode for safe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:39:21:39:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:39:21:39:24 | ControlFlowNode for safe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:46:21:46:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:46:21:46:24 | ControlFlowNode for safe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:62:21:62:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:62:21:62:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:69:21:69:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:69:21:69:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:76:21:76:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:76:21:76:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:83:21:83:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:83:21:83:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | +| test.py:8:21:8:26 | ControlFlowNode for target | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:8:21:8:26 | ControlFlowNode for target | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:32:21:32:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:32:21:32:24 | ControlFlowNode for safe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:39:21:39:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:39:21:39:24 | ControlFlowNode for safe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:46:21:46:24 | ControlFlowNode for safe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:46:21:46:24 | ControlFlowNode for safe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:62:21:62:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:62:21:62:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:69:21:69:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:69:21:69:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:76:21:76:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:76:21:76:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:83:21:83:26 | ControlFlowNode for unsafe | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:83:21:83:26 | ControlFlowNode for unsafe | Untrusted URL redirection depends on a $@. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected index 3421155d992..3084f83c396 100644 --- a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected +++ b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected @@ -23,5 +23,5 @@ nodes | test.py:30:34:30:44 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | subpaths #select -| test.py:9:34:9:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:9:34:9:44 | ControlFlowNode for xml_content | XML parsing depends on $@ without guarding against external entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:30:34:30:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:30:34:30:44 | ControlFlowNode for xml_content | XML parsing depends on $@ without guarding against external entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | +| test.py:9:34:9:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:9:34:9:44 | ControlFlowNode for xml_content | XML parsing depends on a $@ without guarding against external entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:30:34:30:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:30:34:30:44 | ControlFlowNode for xml_content | XML parsing depends on a $@ without guarding against external entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected index a33e851828d..6ecac65dad0 100644 --- a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected @@ -44,9 +44,9 @@ nodes | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | subpaths #select -| xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | XPath expression depends on $@. | xpathBad.py:9:7:9:13 | ControlFlowNode for request | a user-provided value | -| xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | XPath expression depends on $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | XPath expression depends on $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | XPath expression depends on $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | XPath expression depends on $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | XPath expression depends on $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | +| xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | XPath expression depends on a $@. | xpathBad.py:9:7:9:13 | ControlFlowNode for request | user-provided value | +| xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | XPath expression depends on a $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | XPath expression depends on a $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | XPath expression depends on a $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | XPath expression depends on a $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | XPath expression depends on a $@. | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected index 4646f9c03e9..424b07a0b9d 100644 --- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected +++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected @@ -15,5 +15,5 @@ nodes | test.py:9:32:9:35 | ControlFlowNode for text | semmle.label | ControlFlowNode for text | subpaths #select -| test.py:8:30:8:33 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | -| test.py:9:32:9:35 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | a user-provided value | +| test.py:8:30:8:33 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | +| test.py:9:32:9:35 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on a $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected index bbc01aab4be..9e87a8cbbea 100644 --- a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected @@ -31,6 +31,6 @@ nodes | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | subpaths #select -| re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | $@ depends on $@ and executed by $@. | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | This regular expression | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | re_bad.py:14:5:14:33 | ControlFlowNode for Attribute() | re.search | -| re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | $@ depends on $@ and executed by $@. | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | This regular expression | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | re_bad.py:26:5:26:31 | ControlFlowNode for Attribute() | re.search | -| re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | $@ depends on $@ and executed by $@. | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | This regular expression | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | re_bad.py:37:5:37:41 | ControlFlowNode for Attribute() | re.search | +| re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | This regular expression depends on a $@ and is executed by $@. | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | re_bad.py:14:5:14:33 | ControlFlowNode for Attribute() | re.search | +| re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | This regular expression depends on a $@ and is executed by $@. | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | re_bad.py:26:5:26:31 | ControlFlowNode for Attribute() | re.search | +| re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | This regular expression depends on a $@ and is executed by $@. | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | re_bad.py:37:5:37:41 | ControlFlowNode for Attribute() | re.search | diff --git a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected index 99f81737974..44913020a05 100644 --- a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected +++ b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected @@ -15,4 +15,4 @@ nodes | test.py:30:34:30:44 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | subpaths #select -| test.py:30:34:30:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:30:34:30:44 | ControlFlowNode for xml_content | XML parsing depends on $@ without guarding against uncontrolled entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | +| test.py:30:34:30:44 | ControlFlowNode for xml_content | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:30:34:30:44 | ControlFlowNode for xml_content | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected b/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected index d912d5a7b84..efea6e2f054 100644 --- a/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected +++ b/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected @@ -4,5 +4,5 @@ edges | test.py:6:12:6:25 | hard coded value | test.py:15:18:15:25 | hard coded value | | test.py:6:12:6:25 | hard coded value | test.py:15:18:15:25 | hard coded value | #select -| test.py:14:18:14:25 | USERNAME | test.py:5:12:5:24 | hard coded value | test.py:14:18:14:25 | hard coded value | Use of $@. | test.py:5:12:5:24 | Str | hardcoded credentials | -| test.py:15:18:15:25 | PASSWORD | test.py:6:12:6:25 | hard coded value | test.py:15:18:15:25 | hard coded value | Use of $@. | test.py:6:12:6:25 | Str | hardcoded credentials | +| test.py:5:12:5:24 | Str | test.py:5:12:5:24 | hard coded value | test.py:14:18:14:25 | hard coded value | This hardcoded value is $@. | test.py:14:18:14:25 | USERNAME | used as credentials | +| test.py:6:12:6:25 | Str | test.py:6:12:6:25 | hard coded value | test.py:15:18:15:25 | hard coded value | This hardcoded value is $@. | test.py:15:18:15:25 | PASSWORD | used as credentials | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected index 9de3a7c1182..d8ea245581a 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected @@ -298,22 +298,22 @@ nodes | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths #select -| full_partial_test.py:10:5:10:28 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:13:5:13:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:19:5:19:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:23:5:23:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:42:5:42:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:45:5:45:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:48:5:48:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:51:5:51:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:54:5:54:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:62:5:62:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:65:5:65:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:76:5:76:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:79:5:79:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:82:5:82:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | The full URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_requests.py:8:5:8:28 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | The full URL of this request depends on $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | +| full_partial_test.py:10:5:10:28 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:13:5:13:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:19:5:19:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:23:5:23:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:42:5:42:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:45:5:45:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:48:5:48:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:51:5:51:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:54:5:54:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:62:5:62:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:65:5:65:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:76:5:76:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:79:5:79:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:82:5:82:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_requests.py:8:5:8:28 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected index 7294de47bc2..5bc17ef2572 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected @@ -298,15 +298,15 @@ nodes | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths #select -| full_partial_test.py:68:5:68:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:89:5:89:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:95:5:95:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:101:5:101:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:107:5:107:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:116:5:116:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| full_partial_test.py:122:5:122:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | Part of the URL of this request depends on $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:22:5:22:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:26:5:26:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:29:5:29:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | Part of the URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:33:5:33:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:33:25:33:28 | ControlFlowNode for path | Part of the URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | -| test_http_client.py:37:5:37:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:37:25:37:28 | ControlFlowNode for path | Part of the URL of this request depends on $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | a user-provided value | +| full_partial_test.py:68:5:68:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:89:5:89:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:95:5:95:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:101:5:101:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:107:5:107:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:116:5:116:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:122:5:122:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:22:5:22:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:26:5:26:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:29:5:29:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:33:5:33:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:33:25:33:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:37:5:37:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:37:25:37:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Statements/DocStrings/DocStrings.expected b/python/ql/test/query-tests/Statements/DocStrings/DocStrings.expected index 29cebbf4f9d..2f76425fa78 100644 --- a/python/ql/test/query-tests/Statements/DocStrings/DocStrings.expected +++ b/python/ql/test/query-tests/Statements/DocStrings/DocStrings.expected @@ -1,4 +1,4 @@ -| DocStrings.py:0:0:0:0 | Module DocStrings | Module DocStrings does not have a docstring | -| DocStrings.py:40:1:40:13 | Class Not_OK | Class Not_OK does not have a docstring | -| DocStrings.py:48:5:48:26 | Function meth_not_ok | Function meth_not_ok does not have a docstring | -| DocStrings.py:53:1:53:17 | Function not_ok | Function not_ok does not have a docstring | +| DocStrings.py:0:0:0:0 | Module DocStrings | Module DocStrings does not have a docstring. | +| DocStrings.py:40:1:40:13 | Class Not_OK | Class Not_OK does not have a docstring. | +| DocStrings.py:48:5:48:26 | Function meth_not_ok | Function meth_not_ok does not have a docstring. | +| DocStrings.py:53:1:53:17 | Function not_ok | Function not_ok does not have a docstring. | diff --git a/python/ql/test/query-tests/Statements/asserts/SideEffectInAssert.expected b/python/ql/test/query-tests/Statements/asserts/SideEffectInAssert.expected index f03252810d8..b39426cb2b7 100644 --- a/python/ql/test/query-tests/Statements/asserts/SideEffectInAssert.expected +++ b/python/ql/test/query-tests/Statements/asserts/SideEffectInAssert.expected @@ -1,3 +1,3 @@ -| assert.py:5:5:5:20 | Assert | This 'assert' statement contains $@ which may have side effects. | assert.py:5:13:5:19 | Yield | an expression | -| assert.py:8:5:8:22 | Assert | This 'assert' statement contains $@ which may have side effects. | assert.py:8:12:8:22 | Attribute() | an expression | -| side_effect.py:5:1:5:43 | Assert | This 'assert' statement contains $@ which may have side effects. | side_effect.py:5:8:5:38 | Attribute() | an expression | +| assert.py:5:5:5:20 | Assert | This 'assert' statement contains an $@ which may have side effects. | assert.py:5:13:5:19 | Yield | expression | +| assert.py:8:5:8:22 | Assert | This 'assert' statement contains an $@ which may have side effects. | assert.py:8:12:8:22 | Attribute() | expression | +| side_effect.py:5:1:5:43 | Assert | This 'assert' statement contains an $@ which may have side effects. | side_effect.py:5:8:5:38 | Attribute() | expression | diff --git a/python/ql/test/query-tests/Statements/general/NonIteratorInForLoop.expected b/python/ql/test/query-tests/Statements/general/NonIteratorInForLoop.expected index 38d063a8c0e..4c79685061f 100644 --- a/python/ql/test/query-tests/Statements/general/NonIteratorInForLoop.expected +++ b/python/ql/test/query-tests/Statements/general/NonIteratorInForLoop.expected @@ -1 +1 @@ -| test.py:50:1:50:23 | For | $@ of class '$@' may be used in for-loop. | test.py:50:10:50:22 | ControlFlowNode for NonIterator() | Non-iterable | test.py:45:1:45:26 | class NonIterator | NonIterator | +| test.py:50:1:50:23 | For | This for-loop may attempt to iterate over a $@ of class $@. | test.py:50:10:50:22 | ControlFlowNode for NonIterator() | non-iterable instance | test.py:45:1:45:26 | class NonIterator | NonIterator | diff --git a/python/ql/test/query-tests/Statements/no_effect/UnusedExceptionObject.expected b/python/ql/test/query-tests/Statements/no_effect/UnusedExceptionObject.expected index 217832385ad..4ab8cecb8f8 100644 --- a/python/ql/test/query-tests/Statements/no_effect/UnusedExceptionObject.expected +++ b/python/ql/test/query-tests/Statements/no_effect/UnusedExceptionObject.expected @@ -1 +1 @@ -| test.py:127:9:127:26 | ValueError() | Instantiating an exception, but not raising it, has no effect | +| test.py:127:9:127:26 | ValueError() | Instantiating an exception, but not raising it, has no effect. | diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected index cc9ae7029d6..8fd40c120a6 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected @@ -1,8 +1,8 @@ -| test.py:5:9:5:20 | FunctionExpr | Capture of loop variable '$@' | test.py:4:5:4:23 | For | x | -| test.py:10:6:10:14 | Lambda | Capture of loop variable '$@' | test.py:10:5:10:36 | ListComp | i | -| test.py:42:6:42:14 | Lambda | Capture of loop variable '$@' | test.py:42:5:42:56 | ListComp | i | -| test.py:43:6:43:14 | Lambda | Capture of loop variable '$@' | test.py:43:5:43:56 | ListComp | j | -| test.py:45:6:45:14 | Lambda | Capture of loop variable '$@' | test.py:45:5:45:36 | SetComp | i | -| test.py:49:8:49:16 | Lambda | Capture of loop variable '$@' | test.py:49:5:49:38 | DictComp | i | -| test.py:57:6:57:14 | Lambda | Capture of loop variable '$@' | test.py:57:6:57:35 | GeneratorExp | i | -| test.py:62:10:62:18 | Lambda | Capture of loop variable '$@' | test.py:62:10:62:39 | GeneratorExp | i | +| test.py:5:9:5:20 | FunctionExpr | Capture of loop variable $@. | test.py:4:5:4:23 | For | x | +| test.py:10:6:10:14 | Lambda | Capture of loop variable $@. | test.py:10:5:10:36 | ListComp | i | +| test.py:42:6:42:14 | Lambda | Capture of loop variable $@. | test.py:42:5:42:56 | ListComp | i | +| test.py:43:6:43:14 | Lambda | Capture of loop variable $@. | test.py:43:5:43:56 | ListComp | j | +| test.py:45:6:45:14 | Lambda | Capture of loop variable $@. | test.py:45:5:45:36 | SetComp | i | +| test.py:49:8:49:16 | Lambda | Capture of loop variable $@. | test.py:49:5:49:38 | DictComp | i | +| test.py:57:6:57:14 | Lambda | Capture of loop variable $@. | test.py:57:6:57:35 | GeneratorExp | i | +| test.py:62:10:62:18 | Lambda | Capture of loop variable $@. | test.py:62:10:62:39 | GeneratorExp | i | diff --git a/python/ql/test/query-tests/Variables/general/Global.expected b/python/ql/test/query-tests/Variables/general/Global.expected index 073dea682ed..4308dca8db8 100644 --- a/python/ql/test/query-tests/Variables/general/Global.expected +++ b/python/ql/test/query-tests/Variables/general/Global.expected @@ -1 +1 @@ -| variables_test.py:64:5:64:14 | Global | Updating global variables except at module initialization is discouraged | +| variables_test.py:64:5:64:14 | Global | Updating global variables except at module initialization is discouraged. | diff --git a/python/ql/test/query-tests/Variables/general/ShadowGlobal.expected b/python/ql/test/query-tests/Variables/general/ShadowGlobal.expected index ae59529932f..3080eb75c5d 100644 --- a/python/ql/test/query-tests/Variables/general/ShadowGlobal.expected +++ b/python/ql/test/query-tests/Variables/general/ShadowGlobal.expected @@ -1 +1 @@ -| variables_test.py:14:5:14:7 | sh1 | Local variable 'sh1' shadows a global variable defined $@. | variables_test.py:6:5:6:7 | sh1 | here | +| variables_test.py:14:5:14:7 | sh1 | Local variable 'sh1' shadows a $@. | variables_test.py:6:5:6:7 | sh1 | global variable | diff --git a/python/ql/test/query-tests/Variables/multiple/MultiplyDefined.expected b/python/ql/test/query-tests/Variables/multiple/MultiplyDefined.expected index 68d01f762f6..9c45f0ab896 100644 --- a/python/ql/test/query-tests/Variables/multiple/MultiplyDefined.expected +++ b/python/ql/test/query-tests/Variables/multiple/MultiplyDefined.expected @@ -1,7 +1,7 @@ -| uselesscode_test.py:4:5:4:8 | mult | This assignment to 'mult' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:15:5:15:8 | mult | here | -| uselesscode_test.py:5:5:5:5 | x | This assignment to 'x' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:7:5:7:5 | x | here | -| uselesscode_test.py:28:7:28:10 | Mult | This assignment to 'Mult' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:37:7:37:10 | Mult | here | -| uselesscode_test.py:52:9:52:11 | bad | This assignment to 'bad' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:53:9:53:11 | bad | here | -| uselesscode_test.py:67:9:67:11 | bad | This assignment to 'bad' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:71:9:71:11 | bad | here | -| uselesscode_test.py:117:5:117:5 | x | This assignment to 'x' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:118:5:118:5 | x | here | -| uselesscode_test.py:117:8:117:8 | y | This assignment to 'y' is unnecessary as it is redefined $@ before this value is used. | uselesscode_test.py:118:8:118:8 | y | here | +| uselesscode_test.py:4:5:4:8 | mult | This assignment to 'mult' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:15:5:15:8 | mult | redefined | +| uselesscode_test.py:5:5:5:5 | x | This assignment to 'x' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:7:5:7:5 | x | redefined | +| uselesscode_test.py:28:7:28:10 | Mult | This assignment to 'Mult' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:37:7:37:10 | Mult | redefined | +| uselesscode_test.py:52:9:52:11 | bad | This assignment to 'bad' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:53:9:53:11 | bad | redefined | +| uselesscode_test.py:67:9:67:11 | bad | This assignment to 'bad' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:71:9:71:11 | bad | redefined | +| uselesscode_test.py:117:5:117:5 | x | This assignment to 'x' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:118:5:118:5 | x | redefined | +| uselesscode_test.py:117:8:117:8 | y | This assignment to 'y' is unnecessary as it is $@ before this value is used. | uselesscode_test.py:118:8:118:8 | y | redefined | diff --git a/python/ql/test/query-tests/Variables/unused/UnusedLocalVariable.expected b/python/ql/test/query-tests/Variables/unused/UnusedLocalVariable.expected index e0c2505bdda..06ae6a34602 100644 --- a/python/ql/test/query-tests/Variables/unused/UnusedLocalVariable.expected +++ b/python/ql/test/query-tests/Variables/unused/UnusedLocalVariable.expected @@ -1,5 +1,5 @@ -| variables_test.py:29:5:29:5 | x | Variable x is not used | -| variables_test.py:89:5:89:5 | a | Variable a is not used | -| variables_test.py:89:7:89:7 | b | Variable b is not used | -| variables_test.py:89:9:89:9 | c | Variable c is not used | -| variables_test.py:95:5:95:7 | var | Variable var is not used | +| variables_test.py:29:5:29:5 | x | Variable x is not used. | +| variables_test.py:89:5:89:5 | a | Variable a is not used. | +| variables_test.py:89:7:89:7 | b | Variable b is not used. | +| variables_test.py:89:9:89:9 | c | Variable c is not used. | +| variables_test.py:95:5:95:7 | var | Variable var is not used. | diff --git a/python/ql/test/query-tests/Variables/unused_local_nonlocal/UnusedLocalVariable.expected b/python/ql/test/query-tests/Variables/unused_local_nonlocal/UnusedLocalVariable.expected index 9abbf310179..4293a0ed355 100644 --- a/python/ql/test/query-tests/Variables/unused_local_nonlocal/UnusedLocalVariable.expected +++ b/python/ql/test/query-tests/Variables/unused_local_nonlocal/UnusedLocalVariable.expected @@ -1 +1 @@ -| variables_test.py:32:9:32:12 | test | Variable test is not used | +| variables_test.py:32:9:32:12 | test | Variable test is not used. | diff --git a/python/tools/recorded-call-graph-metrics/src/cg_trace/main.py b/python/tools/recorded-call-graph-metrics/src/cg_trace/main.py index 51ba2cf8a0a..381fcce6932 100644 --- a/python/tools/recorded-call-graph-metrics/src/cg_trace/main.py +++ b/python/tools/recorded-call-graph-metrics/src/cg_trace/main.py @@ -33,7 +33,7 @@ def record_calls(code, globals): def setup_logging(debug): # code we run can also set up logging, so we need to set the level directly on our - # own pacakge + # own package sh = logging.StreamHandler(stream=sys.stderr) pkg_logger = logging.getLogger("cg_trace") diff --git a/python/tools/recorded-call-graph-metrics/src/cg_trace/tracer.py b/python/tools/recorded-call-graph-metrics/src/cg_trace/tracer.py index f5521865568..b68ec72a32c 100644 --- a/python/tools/recorded-call-graph-metrics/src/cg_trace/tracer.py +++ b/python/tools/recorded-call-graph-metrics/src/cg_trace/tracer.py @@ -251,7 +251,7 @@ class CallGraphTracer: def __init__(self): # Performing `Call.from_frame` can be expensive, so we cache (call, callee) - # pairs we have already seen to avoid double procressing. + # pairs we have already seen to avoid double processing. self.python_calls = dict() self.external_calls = dict() diff --git a/ql/extractor/src/extractor.rs b/ql/extractor/src/extractor.rs index db280634ae5..f5557e5a188 100644 --- a/ql/extractor/src/extractor.rs +++ b/ql/extractor/src/extractor.rs @@ -216,7 +216,7 @@ struct Visitor<'a> { schema: &'a NodeTypeMap, /// A stack for gathering information from child nodes. Whenever a node is /// entered the parent's [Label], child counter, and an empty list is pushed. - /// All children append their data to the the list. When the visitor leaves a + /// All children append their data to the list. When the visitor leaves a /// node the list containing the child data is popped from the stack and /// matched against the dbscheme for the node. If the expectations are met /// the corresponding row definitions are added to the trap_output. diff --git a/ql/node-types/src/lib.rs b/ql/node-types/src/lib.rs index 780ddf780d3..0472443a380 100644 --- a/ql/node-types/src/lib.rs +++ b/ql/node-types/src/lib.rs @@ -43,7 +43,7 @@ pub enum FieldTypeInfo { }, /// The field can be one of several tokens, so the db type will be an `int` - /// with a `case @foo.kind` for each possiblity. + /// with a `case @foo.kind` for each possibility. ReservedWordInt(BTreeMap), } diff --git a/ql/ql/src/codeql_ql/ast/Ast.qll b/ql/ql/src/codeql_ql/ast/Ast.qll index 9dc56acade6..2a51f873d52 100644 --- a/ql/ql/src/codeql_ql/ast/Ast.qll +++ b/ql/ql/src/codeql_ql/ast/Ast.qll @@ -853,7 +853,7 @@ class Class extends TClass, TypeDeclaration, ModuleDeclaration { override string getName() { result = cls.getName().getValue() } /** - * Gets the charateristic predicate for this class. + * Gets the characteristic predicate for this class. */ CharPred getCharPred() { toQL(result) = cls.getChild(_).(QL::ClassMember).getChild(_) } @@ -1009,7 +1009,7 @@ class NewTypeBranch extends TNewTypeBranch, Predicate, TypeDeclaration { class Call extends TCall, Expr, Formula { /** Gets the `i`th argument of this call. */ Expr getArgument(int i) { - none() // overridden in sublcasses. + none() // overridden in subclasses. } /** Gets an argument of this call, if any. */ @@ -2507,10 +2507,10 @@ module YAML { deprecated class YAMLNode = YamlNode; /** A YAML comment. */ - class YamlComment extends TYamlCommemt, YamlNode { + class YamlComment extends TYamlComment, YamlNode { Yaml::Comment yamlcomment; - YamlComment() { this = TYamlCommemt(yamlcomment) } + YamlComment() { this = TYamlComment(yamlcomment) } override string getAPrimaryQlClass() { result = "YamlComment" } } diff --git a/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll b/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll index 6c8522b324c..e85b188e8e7 100644 --- a/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll +++ b/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll @@ -60,7 +60,7 @@ newtype TAstNode = TPredicateExpr(QL::PredicateExpr pe) or TAnnotation(QL::Annotation annot) or TAnnotationArg(QL::AnnotArg arg) or - TYamlCommemt(Yaml::Comment yc) or + TYamlComment(Yaml::Comment yc) or TYamlEntry(Yaml::Entry ye) or TYamlKey(Yaml::Key yk) or TYamlListitem(Yaml::Listitem yli) or @@ -86,7 +86,7 @@ class TCall = TPredicateCall or TMemberCall or TNoneCall or TAnyCall; class TTypeRef = TImport or TModuleExpr or TType; -class TYamlNode = TYamlCommemt or TYamlEntry or TYamlKey or TYamlListitem or TYamlValue; +class TYamlNode = TYamlComment or TYamlEntry or TYamlKey or TYamlListitem or TYamlValue; class TSignatureExpr = TPredicateExpr or TType or TModuleExpr; @@ -125,7 +125,7 @@ private QL::AstNode toQLExpr(AST::AstNode n) { } Yaml::AstNode toGenerateYaml(AST::AstNode n) { - n = TYamlCommemt(result) or + n = TYamlComment(result) or n = TYamlEntry(result) or n = TYamlKey(result) or n = TYamlListitem(result) or diff --git a/ql/ql/src/codeql_ql/ast/internal/Builtins.qll b/ql/ql/src/codeql_ql/ast/internal/Builtins.qll index 1fc1b3f992d..27356691dab 100644 --- a/ql/ql/src/codeql_ql/ast/internal/Builtins.qll +++ b/ql/ql/src/codeql_ql/ast/internal/Builtins.qll @@ -61,12 +61,12 @@ predicate isBuiltinMember(string qual, string ret, string name, string args) { } module BuiltinsConsistency { - query predicate noBuildinParse(string sig) { + query predicate noBuiltinParse(string sig) { isBuiltinMember(sig) and not exists(sig.regexpCapture("(\\w+) (\\w+)\\.(\\w+)\\(([\\w, ]*)\\)", _)) } - query predicate noBuildinClasslessParse(string sig) { + query predicate noBuiltinClasslessParse(string sig) { isBuiltinClassless(sig) and not exists(sig.regexpCapture("(\\w+) (\\w+)\\(([\\w, ]*)\\)", _)) } diff --git a/ql/ql/src/codeql_ql/ast/internal/Module.qll b/ql/ql/src/codeql_ql/ast/internal/Module.qll index 834f87e7dc0..0ab31e7dd68 100644 --- a/ql/ql/src/codeql_ql/ast/internal/Module.qll +++ b/ql/ql/src/codeql_ql/ast/internal/Module.qll @@ -271,7 +271,7 @@ private module Cached { pragma[noinline] private predicate resolveModuleRefHelper(TypeRef me, ContainerOrModule enclosing, string name) { - // The scope is all enclosing modules, the immidiatly containing folder, not the parent folders. + // The scope is all enclosing modules, the immediately containing folder, not the parent folders. enclosing = getEnclosingModuleNoFolderStep*(getStartModule(me)) and name = [me.(ModuleExpr).getName(), me.(TypeExpr).getClassName()] and not exists(me.(ModuleExpr).getQualifier()) and @@ -313,7 +313,7 @@ private predicate definesModule( m = TModule(any(Module mod | public = getPublicBool(mod))) ) or - // signature module in a paramertized module + // signature module in a parameterized module exists(Module mod, SignatureExpr sig, TypeRef ty, int i | mod = container.asModule() and mod.hasParameter(i, name, sig) and diff --git a/ql/ql/src/codeql_ql/ast/internal/Predicate.qll b/ql/ql/src/codeql_ql/ast/internal/Predicate.qll index 6eae656332a..46dc86113da 100644 --- a/ql/ql/src/codeql_ql/ast/internal/Predicate.qll +++ b/ql/ql/src/codeql_ql/ast/internal/Predicate.qll @@ -157,7 +157,7 @@ private module Cached { ) } - private predicate resolveBuildinPredicateCall(PredicateCall call, BuiltinClassless pred) { + private predicate resolveBuiltinPredicateCall(PredicateCall call, BuiltinClassless pred) { call.getNumberOfArguments() = pred.getArity() and call.getPredicateName() = pred.getName() } @@ -167,7 +167,7 @@ private module Cached { resolvePredicateCall(c, p) or not resolvePredicateCall(c, _) and - resolveBuildinPredicateCall(c, p) + resolveBuiltinPredicateCall(c, p) or resolveMemberCall(c, p) or diff --git a/ql/ql/src/codeql_ql/dataflow/DataFlow.qll b/ql/ql/src/codeql_ql/dataflow/DataFlow.qll index c9043416bae..89abe4f1776 100644 --- a/ql/ql/src/codeql_ql/dataflow/DataFlow.qll +++ b/ql/ql/src/codeql_ql/dataflow/DataFlow.qll @@ -72,7 +72,7 @@ class AstNodeNode extends Node, MkAstNodeNode { } /** - * Gets the data-flow node correspoinding to the given AST node. + * Gets the data-flow node corresponding to the given AST node. */ pragma[inline] Node astNode(AstNode node) { result = MkAstNodeNode(node) } diff --git a/ql/ql/src/codeql_ql/style/DeadCodeQuery.qll b/ql/ql/src/codeql_ql/style/DeadCodeQuery.qll index 6bb85db2385..bf61f178fff 100644 --- a/ql/ql/src/codeql_ql/style/DeadCodeQuery.qll +++ b/ql/ql/src/codeql_ql/style/DeadCodeQuery.qll @@ -75,7 +75,7 @@ private AstNode alive() { or result instanceof TopLevel // toplevel is always alive. or - // recurisve cases + // recursive cases result = aliveStep(alive()) } @@ -243,13 +243,13 @@ private AstNode queryable() { or result instanceof TopLevel // toplevel is always alive. or - // recurisve cases + // recursive cases result = aliveStep(queryable()) } /** * Gets an AstNode that does not affect any query result. - * Is interresting as an quick-eval target to investigate dead code. + * Is interesting as an quick-eval target to investigate dead code. * (It is intentional that this predicate is a result of this predicate). */ AstNode unQueryable(string msg) { diff --git a/ql/ql/src/qlpack.yml b/ql/ql/src/qlpack.yml index 549257177cb..c9aacdfd132 100644 --- a/ql/ql/src/qlpack.yml +++ b/ql/ql/src/qlpack.yml @@ -6,4 +6,4 @@ suites: codeql-suites defaultSuiteFile: codeql-suites/ql-code-scanning.qls extractor: ql dependencies: - codeql/typos: 0.0.2-dev + codeql/typos: 0.0.3-dev diff --git a/ql/ql/src/queries/bugs/InconsistentDeprecation.ql b/ql/ql/src/queries/bugs/InconsistentDeprecation.ql index 366d2daa4f5..5a6a6760ec4 100644 --- a/ql/ql/src/queries/bugs/InconsistentDeprecation.ql +++ b/ql/ql/src/queries/bugs/InconsistentDeprecation.ql @@ -5,7 +5,7 @@ * @problem.severity warning * @id ql/inconsistent-deprecation * @tags correctness - * maintanability + * maintainability * @precision very-high */ diff --git a/ql/ql/src/queries/bugs/MissingSanitizerGuardCase.ql b/ql/ql/src/queries/bugs/MissingSanitizerGuardCase.ql index 325d2877cb3..fd42bdf0986 100644 --- a/ql/ql/src/queries/bugs/MissingSanitizerGuardCase.ql +++ b/ql/ql/src/queries/bugs/MissingSanitizerGuardCase.ql @@ -25,4 +25,4 @@ from SanGuard guard where not exists(TypeExpr t | t.getResolvedType().(ClassType).getDeclaration() = guard) and not guard.hasAnnotation("deprecated") -select guard, "Guard class is not mentioned anywhere" +select guard, "Guard class is not mentioned anywhere." diff --git a/ql/ql/src/queries/diagnostics/EmptyConsistencies.ql b/ql/ql/src/queries/diagnostics/EmptyConsistencies.ql index 8091904f3e8..5009e9370fb 100644 --- a/ql/ql/src/queries/diagnostics/EmptyConsistencies.ql +++ b/ql/ql/src/queries/diagnostics/EmptyConsistencies.ql @@ -5,7 +5,7 @@ * @kind problem * @problem.severity warning * @precision very-high - * @id ql/diagnostics/empty-consitencies + * @id ql/diagnostics/empty-consistencies */ import ql diff --git a/ql/ql/src/queries/performance/DontUseGetAQlClass.ql b/ql/ql/src/queries/performance/DontUseGetAQlClass.ql index adbcb0baccc..dbf31cad4c3 100644 --- a/ql/ql/src/queries/performance/DontUseGetAQlClass.ql +++ b/ql/ql/src/queries/performance/DontUseGetAQlClass.ql @@ -19,4 +19,4 @@ where not call.getLocation().getFile().getAbsolutePath().matches("%/" + ["meta", "test"] + "/%") and not call.getLocation().getFile().getBaseName().toLowerCase() = ["consistency.ql", "test.ql", "tst.ql", "tests.ql"] -select call, "Don't use .getAQlClass" +select call, "Don't use '.getAQlClass()'." diff --git a/ql/ql/src/queries/performance/NonInitialStdLibImport.ql b/ql/ql/src/queries/performance/NonInitialStdLibImport.ql index 88296d895fc..8ac736ad10d 100644 --- a/ql/ql/src/queries/performance/NonInitialStdLibImport.ql +++ b/ql/ql/src/queries/performance/NonInitialStdLibImport.ql @@ -27,4 +27,4 @@ Import importBefore(Import i) { from Import i where isStdLibImport(i, _) and exists(importBefore(i)) -select i, "This import may cause reevaluation to occur, as there are other imports preceding it" +select i, "This import may cause reevaluation to occur, as there are other imports preceding it." diff --git a/ql/ql/src/queries/performance/TransitiveStep.ql b/ql/ql/src/queries/performance/TransitiveStep.ql index d92dd44b76c..ccc5ca3d5bf 100644 --- a/ql/ql/src/queries/performance/TransitiveStep.ql +++ b/ql/ql/src/queries/performance/TransitiveStep.ql @@ -161,5 +161,5 @@ predicate transitiveDelta(Call rec, TransitivelyClosedCall tc) { from Call rec, TransitivelyClosedCall tc, AstNode reason where transitiveDelta(rec, tc) and reason = tc.getReason() -select tc, "This recursive delta is transively closed $@, which may be a performance problem.", - reason, "here" +select tc, "This recursive delta is $@, which may be a performance problem.", reason, + "transitively closed" diff --git a/ql/ql/src/queries/performance/UnusedField.ql b/ql/ql/src/queries/performance/UnusedField.ql index 37b32f61a2a..728e729030a 100644 --- a/ql/ql/src/queries/performance/UnusedField.ql +++ b/ql/ql/src/queries/performance/UnusedField.ql @@ -31,5 +31,6 @@ where ) ) and (if clz = implClz then extraMsg = "." else extraMsg = " of any class between it and $@.") -select clz, "The field $@ declared in $@ is not used in the characteristic predicate" + extraMsg, - field, field.getName(), clz, clz.getName(), implClz, implClz.getName() +select clz, + "This class declares the $@ but does not bind it in the characteristic predicate" + extraMsg, + field, "field " + field.getName(), implClz, implClz.getName() diff --git a/ql/ql/src/queries/style/AcronymsShouldBeCamelCase.ql b/ql/ql/src/queries/style/AcronymsShouldBeCamelCase.ql index 9490488e137..e7d27efa66c 100644 --- a/ql/ql/src/queries/style/AcronymsShouldBeCamelCase.ql +++ b/ql/ql/src/queries/style/AcronymsShouldBeCamelCase.ql @@ -14,4 +14,4 @@ import codeql_ql.style.AcronymsShouldBeCamelCaseQuery from string name, AstNode node where shouldBePascalCased(name, node, _) -select node, "Acronyms in " + name + " should be PascalCase/camelCase" +select node, "Acronyms in " + name + " should be PascalCase/camelCase." diff --git a/ql/ql/src/queries/style/AlertMessage.ql b/ql/ql/src/queries/style/AlertMessage.ql index 954ada575c3..4e874fc2eb8 100644 --- a/ql/ql/src/queries/style/AlertMessage.ql +++ b/ql/ql/src/queries/style/AlertMessage.ql @@ -126,7 +126,7 @@ String avoidHere(Select sel, string part) { String avoidArticleInLinkText(Select sel) { result = sel.getExpr((any(int i | i > 1))) and result = getSelectPart(sel, _) and - result.getValue().regexpMatch("a|an .*") + result.getValue().regexpMatch("(a|an) .*") } /** @@ -203,6 +203,9 @@ AstNode getAlertLocLink(Select sel) { from AstNode node, string msg, Select sel where not node.getLocation().getFile().getAbsolutePath().matches("%/test/%") and + not node.getLocation().getFile().getAbsolutePath().matches("%/examples/%") and + not node.getLocation().getFile().getAbsolutePath().matches("%/experimental/%") and + not node.getLocation().getFile().getAbsolutePath().matches("%/meta/%") and sel.getQueryDoc().getQueryKind() = ["problem", "path-problem"] and ( node = shouldHaveFullStop(sel) and diff --git a/ql/ql/src/queries/style/ConsistentCasing.ql b/ql/ql/src/queries/style/ConsistentCasing.ql index f46c9826651..41affc5fe06 100644 --- a/ql/ql/src/queries/style/ConsistentCasing.ql +++ b/ql/ql/src/queries/style/ConsistentCasing.ql @@ -34,7 +34,7 @@ predicate problem(string name1, AstNode node1, string name2, string kind) { pack2 = pack1.getADependency*() and name2 = getNameAndPack(_, kind, lower, pack2) and // TODO: Get if it's a dependency pack in the alert-message. name1 != name2 and - kind != "variable" // these are benign, and plentyful... + kind != "variable" // these are benign, and plentiful... ) } diff --git a/ql/ql/src/queries/style/DeadCode.ql b/ql/ql/src/queries/style/DeadCode.ql index e5fbf8c043a..fe83ee0617f 100644 --- a/ql/ql/src/queries/style/DeadCode.ql +++ b/ql/ql/src/queries/style/DeadCode.ql @@ -12,4 +12,4 @@ import codeql_ql.style.DeadCodeQuery from AstNode node where isDead(node) -select node, "Code is dead" +select node, "This code is never used, and it's not publicly exported." diff --git a/ql/ql/src/queries/style/FieldOnlyUsedInCharPred.ql b/ql/ql/src/queries/style/FieldOnlyUsedInCharPred.ql index aaf5fadf79f..e1f4810d391 100644 --- a/ql/ql/src/queries/style/FieldOnlyUsedInCharPred.ql +++ b/ql/ql/src/queries/style/FieldOnlyUsedInCharPred.ql @@ -22,4 +22,4 @@ where call.getEnclosingPredicate() = c.getCharPred() and call.getTarget() instanceof NewTypeBranch ).getAnArgument() and not f.getVarDecl().overrides(_) -select f, "Field is only used in CharPred" +select f, "Field is only used in CharPred." diff --git a/ql/ql/src/queries/style/MissingOverride.ql b/ql/ql/src/queries/style/MissingOverride.ql index a06222e29a8..833b1ba198b 100644 --- a/ql/ql/src/queries/style/MissingOverride.ql +++ b/ql/ql/src/queries/style/MissingOverride.ql @@ -1,6 +1,6 @@ /** * @name Missing override annotation - * @description Predicates that overide another predicate should have an `override` annotation. + * @description Predicates that override another predicate should have an `override` annotation. * @kind problem * @problem.severity warning * @precision very-high diff --git a/ql/ql/src/queries/style/RedundantCast.ql b/ql/ql/src/queries/style/RedundantCast.ql index d51fd57ced2..95cf7237e08 100644 --- a/ql/ql/src/queries/style/RedundantCast.ql +++ b/ql/ql/src/queries/style/RedundantCast.ql @@ -13,4 +13,4 @@ import codeql_ql.style.RedundantCastQuery from AstNode node, TypeExpr type where redundantCast(node, type) -select node, "Redundant cast to $@", type, type.getResolvedType().getName() +select node, "Redundant cast to $@.", type, type.getResolvedType().getName() diff --git a/ql/ql/src/queries/style/RedundantOverride.ql b/ql/ql/src/queries/style/RedundantOverride.ql index 53b17be1992..49235fd48b4 100644 --- a/ql/ql/src/queries/style/RedundantOverride.ql +++ b/ql/ql/src/queries/style/RedundantOverride.ql @@ -13,4 +13,4 @@ import codeql_ql.style.RedundantOverrideQuery from ClassPredicate pred, ClassPredicate sup where redundantOverride(pred, sup) -select pred, "Redundant override of $@ predicate", sup, "this" +select pred, "Redundant override of $@.", sup, "this predicate" diff --git a/ql/ql/src/queries/style/RegexpInsteadOfPattern.ql b/ql/ql/src/queries/style/RegexpInsteadOfPattern.ql index 4e65b9f7d1a..93ecc17120c 100644 --- a/ql/ql/src/queries/style/RegexpInsteadOfPattern.ql +++ b/ql/ql/src/queries/style/RegexpInsteadOfPattern.ql @@ -3,7 +3,7 @@ * @description The `matches` builtin predicate takes a special pattern format as an input, not a regular expression. * @kind problem * @problem.severity warning - * @id ql/rexexp-pattern + * @id ql/regex-pattern * @precision medium */ @@ -33,5 +33,5 @@ where c.getArgument(0) = arg and arg.getValue().regexpMatch(getALikelyRegExpPattern()) select c, - "Argument \"$@\" looks like a reguar expression, but will be interpreted as a SQL 'LIKE' pattern.", + "Argument \"$@\" looks like a regular expression, but will be interpreted as a SQL 'LIKE' pattern.", arg, arg.getValue() diff --git a/ql/ql/src/queries/style/UseInstanceofExtension.ql b/ql/ql/src/queries/style/UseInstanceofExtension.ql index da27e5cbb47..ab2a53c6a67 100644 --- a/ql/ql/src/queries/style/UseInstanceofExtension.ql +++ b/ql/ql/src/queries/style/UseInstanceofExtension.ql @@ -1,6 +1,6 @@ /** * @name Suggest using non-extending subtype relationships. - * @description Non-extending subtypes ("instanceof extensions") are generally preferrable to instanceof expressions in characteristic predicates. + * @description Non-extending subtypes ("instanceof extensions") are generally preferable to instanceof expressions in characteristic predicates. * @kind problem * @problem.severity warning * @id ql/suggest-instanceof-extension @@ -17,5 +17,5 @@ where usesCastingBasedInstanceof(c, type) or usesFieldBasedInstanceof(c, any(TypeExpr te | te.getResolvedType() = type), _, _) ) and - message = "consider defining $@ as non-extending subtype of $@" -select c, message, c, c.getName(), type.getDeclaration(), type.getName() + message = "Consider defining this class as non-extending subtype of $@." +select c, message, type.getDeclaration(), type.getName() diff --git a/ql/ql/test/queries/style/AcronymsShouldBeCamelCase/AcronymsShouldBeCamelCase.expected b/ql/ql/test/queries/style/AcronymsShouldBeCamelCase/AcronymsShouldBeCamelCase.expected index de23b92bafa..416285920a5 100644 --- a/ql/ql/test/queries/style/AcronymsShouldBeCamelCase/AcronymsShouldBeCamelCase.expected +++ b/ql/ql/test/queries/style/AcronymsShouldBeCamelCase/AcronymsShouldBeCamelCase.expected @@ -1,3 +1,3 @@ -| Test.qll:2:11:2:15 | ClasslessPredicate isXML | Acronyms in isXML should be PascalCase/camelCase | -| Test.qll:8:9:8:20 | NewType TXMLElements | Acronyms in TXMLElements should be PascalCase/camelCase | -| Test.qll:10:3:10:13 | NewTypeBranch TXMLElement | Acronyms in TXMLElement should be PascalCase/camelCase | +| Test.qll:2:11:2:15 | ClasslessPredicate isXML | Acronyms in isXML should be PascalCase/camelCase. | +| Test.qll:8:9:8:20 | NewType TXMLElements | Acronyms in TXMLElements should be PascalCase/camelCase. | +| Test.qll:10:3:10:13 | NewTypeBranch TXMLElement | Acronyms in TXMLElement should be PascalCase/camelCase. | diff --git a/ql/ql/test/queries/style/DeadCode/DeadCode.expected b/ql/ql/test/queries/style/DeadCode/DeadCode.expected index 39a2b034390..5238a57c6ed 100644 --- a/ql/ql/test/queries/style/DeadCode/DeadCode.expected +++ b/ql/ql/test/queries/style/DeadCode/DeadCode.expected @@ -1,2 +1,2 @@ -| Foo.qll:2:21:2:25 | ClasslessPredicate dead1 | Code is dead | -| Foo.qll:6:13:6:17 | ClasslessPredicate dead2 | Code is dead | +| Foo.qll:2:21:2:25 | ClasslessPredicate dead1 | This code is never used, and it's not publicly exported. | +| Foo.qll:6:13:6:17 | ClasslessPredicate dead2 | This code is never used, and it's not publicly exported. | diff --git a/ql/ql/test/queries/style/RedundantCast/RedundantCast.expected b/ql/ql/test/queries/style/RedundantCast/RedundantCast.expected index e4e57083633..f56d882faf6 100644 --- a/ql/ql/test/queries/style/RedundantCast/RedundantCast.expected +++ b/ql/ql/test/queries/style/RedundantCast/RedundantCast.expected @@ -1,3 +1,3 @@ -| Foo.qll:5:25:5:31 | InlineCast | Redundant cast to $@ | Foo.qll:5:28:5:30 | TypeExpr | Foo | -| Foo.qll:7:33:7:39 | InlineCast | Redundant cast to $@ | Foo.qll:7:36:7:38 | TypeExpr | Foo | -| Foo.qll:11:36:11:42 | InlineCast | Redundant cast to $@ | Foo.qll:11:39:11:41 | TypeExpr | Foo | +| Foo.qll:5:25:5:31 | InlineCast | Redundant cast to $@. | Foo.qll:5:28:5:30 | TypeExpr | Foo | +| Foo.qll:7:33:7:39 | InlineCast | Redundant cast to $@. | Foo.qll:7:36:7:38 | TypeExpr | Foo | +| Foo.qll:11:36:11:42 | InlineCast | Redundant cast to $@. | Foo.qll:11:39:11:41 | TypeExpr | Foo | diff --git a/ql/ql/test/queries/style/RedundantOverride/RedundantOverride.expected b/ql/ql/test/queries/style/RedundantOverride/RedundantOverride.expected index dbb5c60174f..e0877fb21f3 100644 --- a/ql/ql/test/queries/style/RedundantOverride/RedundantOverride.expected +++ b/ql/ql/test/queries/style/RedundantOverride/RedundantOverride.expected @@ -1,11 +1,11 @@ -| RedundantOverride.qll:9:18:9:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:5:9:5:12 | ClassPredicate pred | this | -| RedundantOverride.qll:21:18:21:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:17:9:17:12 | ClassPredicate pred | this | -| RedundantOverride.qll:110:24:110:27 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:106:15:106:18 | ClassPredicate pred | this | -| RedundantOverride.qll:124:18:124:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:118:9:118:12 | ClassPredicate pred | this | -| RedundantOverride.qll:128:18:128:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:118:9:118:12 | ClassPredicate pred | this | -| RedundantOverride.qll:132:18:132:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:128:18:128:21 | ClassPredicate pred | this | -| RedundantOverride.qll:150:18:150:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:140:9:140:12 | ClassPredicate pred | this | -| RedundantOverride.qll:164:18:164:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:158:9:158:12 | ClassPredicate pred | this | -| RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:158:9:158:12 | ClassPredicate pred | this | -| RedundantOverride.qll:172:18:172:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | this | -| RedundantOverride.qll:176:18:176:21 | ClassPredicate pred | Redundant override of $@ predicate | RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | this | +| RedundantOverride.qll:9:18:9:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:5:9:5:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:21:18:21:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:17:9:17:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:110:24:110:27 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:106:15:106:18 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:124:18:124:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:118:9:118:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:128:18:128:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:118:9:118:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:132:18:132:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:128:18:128:21 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:150:18:150:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:140:9:140:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:164:18:164:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:158:9:158:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:158:9:158:12 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:172:18:172:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | this predicate | +| RedundantOverride.qll:176:18:176:21 | ClassPredicate pred | Redundant override of $@. | RedundantOverride.qll:168:18:168:21 | ClassPredicate pred | this predicate | diff --git a/ruby/actions/create-extractor-pack/action.yml b/ruby/actions/create-extractor-pack/action.yml index 4cc8189e149..b0907eff834 100644 --- a/ruby/actions/create-extractor-pack/action.yml +++ b/ruby/actions/create-extractor-pack/action.yml @@ -3,7 +3,7 @@ description: Builds the Ruby CodeQL pack runs: using: composite steps: - - uses: actions/cache@v2 + - uses: actions/cache@v3 with: path: | ~/.cargo/registry diff --git a/ruby/extractor/src/extractor.rs b/ruby/extractor/src/extractor.rs index db280634ae5..f5557e5a188 100644 --- a/ruby/extractor/src/extractor.rs +++ b/ruby/extractor/src/extractor.rs @@ -216,7 +216,7 @@ struct Visitor<'a> { schema: &'a NodeTypeMap, /// A stack for gathering information from child nodes. Whenever a node is /// entered the parent's [Label], child counter, and an empty list is pushed. - /// All children append their data to the the list. When the visitor leaves a + /// All children append their data to the list. When the visitor leaves a /// node the list containing the child data is popped from the stack and /// matched against the dbscheme for the node. If the expectations are met /// the corresponding row definitions are added to the trap_output. diff --git a/ruby/extractor/src/main.rs b/ruby/extractor/src/main.rs index ca1039e4e0d..3f69a67d043 100644 --- a/ruby/extractor/src/main.rs +++ b/ruby/extractor/src/main.rs @@ -68,7 +68,6 @@ fn main() -> std::io::Result<()> { .unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("ruby_extractor=warn")), ) .init(); - tracing::warn!("Support for Ruby is currently in Beta: https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/"); let num_threads = num_codeql_threads(); tracing::info!( "Using {} {}", diff --git a/ruby/node-types/src/lib.rs b/ruby/node-types/src/lib.rs index 2fdf0c8c8cc..a48e9ddbf9a 100644 --- a/ruby/node-types/src/lib.rs +++ b/ruby/node-types/src/lib.rs @@ -43,7 +43,7 @@ pub enum FieldTypeInfo { }, /// The field can be one of several tokens, so the db type will be an `int` - /// with a `case @foo.kind` for each possiblity. + /// with a `case @foo.kind` for each possibility. ReservedWordInt(BTreeMap), } diff --git a/ruby/ql/lib/change-notes/2022-10-07-actionmailer-params.md b/ruby/ql/lib/change-notes/2022-10-07-actionmailer-params.md new file mode 100644 index 00000000000..0bac2da675d --- /dev/null +++ b/ruby/ql/lib/change-notes/2022-10-07-actionmailer-params.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input. diff --git a/ruby/ql/lib/change-notes/2022-10-09-activejob-serializers-deserialize.md b/ruby/ql/lib/change-notes/2022-10-09-activejob-serializers-deserialize.md new file mode 100644 index 00000000000..4d0be19e67f --- /dev/null +++ b/ruby/ql/lib/change-notes/2022-10-09-activejob-serializers-deserialize.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink. diff --git a/ruby/ql/lib/change-notes/2022-10-13-actiondispatch-request.md b/ruby/ql/lib/change-notes/2022-10-13-actiondispatch-request.md new file mode 100644 index 00000000000..9248c64d7ac --- /dev/null +++ b/ruby/ql/lib/change-notes/2022-10-13-actiondispatch-request.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* More sources of remote input arising from methods on `ActionDispatch::Request` + are now recognised. diff --git a/ruby/ql/lib/change-notes/2022-10-13-faraday-run-request.md b/ruby/ql/lib/change-notes/2022-10-13-faraday-run-request.md new file mode 100644 index 00000000000..017b57884f5 --- /dev/null +++ b/ruby/ql/lib/change-notes/2022-10-13-faraday-run-request.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input. diff --git a/ruby/ql/lib/change-notes/2022-10-14-digest-model.md b/ruby/ql/lib/change-notes/2022-10-14-digest-model.md new file mode 100644 index 00000000000..20d446a3ee5 --- /dev/null +++ b/ruby/ql/lib/change-notes/2022-10-14-digest-model.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query. diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll index 98311e0ec22..7f69f71d17f 100644 --- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll +++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll @@ -203,7 +203,7 @@ module API { /** * Gets a node representing a call to `method` on the receiver represented by this node. */ - Node getMethod(string method) { + MethodAccessNode getMethod(string method) { result = this.getASubclass().getASuccessor(Label::method(method)) } @@ -522,7 +522,8 @@ module API { or exists(TypeTrackerSpecific::TypeTrackerContent c | TypeTrackerSpecific::basicLoadStep(node, ref, c) and - lbl = Label::content(c.getAStoreContent()) + lbl = Label::content(c.getAStoreContent()) and + not c.isSingleton(any(DataFlow::Content::AttributeNameContent k)) ) // note: method calls are not handled here as there is no DataFlow::Node for the intermediate MkMethodAccessNode API node } @@ -638,7 +639,10 @@ module API { isUse(src) and t.start() or - exists(TypeTracker t2 | result = trackUseNode(src, t2).track(t2, t)) + exists(TypeTracker t2 | + result = trackUseNode(src, t2).track(t2, t) and + not result instanceof DataFlowPrivate::SelfParameterNode + ) } /** @@ -657,7 +661,11 @@ module API { isDef(rhs) and result = rhs.getALocalSource() or - exists(TypeBackTracker t2 | result = trackDefNode(rhs, t2).backtrack(t2, t)) + exists(TypeBackTracker t2, DataFlow::LocalSourceNode mid | + mid = trackDefNode(rhs, t2) and + not mid instanceof DataFlowPrivate::SelfParameterNode and + result = mid.backtrack(t2, t) + ) } /** Gets a data flow node reaching the RHS of the given def node. */ @@ -890,7 +898,7 @@ module API { /** Gets the `subclass` edge label. */ LabelSubclass subclass() { any() } - /** Gets the label representing the given keword argument/parameter. */ + /** Gets the label representing the given keyword argument/parameter. */ LabelKeywordParameter keywordParameter(string name) { result.getName() = name } /** Gets the label representing the `n`th positional argument/parameter. */ diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index aab70b7ec07..dd7c75565b7 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -250,6 +250,11 @@ module Http { /** Gets a string that identifies the framework used for this route setup. */ string getFramework() { result = super.getFramework() } + + /** + * Gets the HTTP method name, in lowercase, that this handler will respond to. + */ + string getHttpMethod() { result = super.getHttpMethod() } } /** Provides a class for modeling new HTTP routing APIs. */ @@ -287,9 +292,34 @@ module Http { /** Gets a string that identifies the framework used for this route setup. */ abstract string getFramework(); + + /** + * Gets the HTTP method name, in all caps, that this handler will respond to. + */ + abstract string getHttpMethod(); } } + /** A kind of request input. */ + class RequestInputKind extends string { + RequestInputKind() { this = ["parameter", "header", "body", "url", "cookie"] } + } + + /** Input from the parameters of a request. */ + RequestInputKind parameterInputKind() { result = "parameter" } + + /** Input from the headers of a request. */ + RequestInputKind headerInputKind() { result = "header" } + + /** Input from the body of a request. */ + RequestInputKind bodyInputKind() { result = "body" } + + /** Input from the URL of a request. */ + RequestInputKind urlInputKind() { result = "url" } + + /** Input from the cookies of a request. */ + RequestInputKind cookieInputKind() { result = "cookie" } + /** * An access to a user-controlled HTTP request input. For example, the URL or body of a request. * Instances of this class automatically become `RemoteFlowSource`s. @@ -304,6 +334,32 @@ module Http { * This is typically the name of the method that gives rise to this input. */ string getSourceType() { result = super.getSourceType() } + + /** + * Gets the kind of the accessed input, + * Can be one of "parameter", "header", "body", "url", "cookie". + */ + RequestInputKind getKind() { result = super.getKind() } + + /** + * Holds if this part of the request may be controlled by a third party, + * that is, an agent other than the one who sent the request. + * + * This is true for the URL, query parameters, and request body. + * These can be controlled by a malicious third party in the following scenarios: + * + * - The user clicks a malicious link or is otherwise redirected to a malicious URL. + * - The user visits a web site that initiates a form submission or AJAX request on their behalf. + * + * In these cases, the request is technically sent from the user's browser, but + * the user is not in direct control of the URL or POST body. + * + * Headers are never considered third-party controllable by this predicate, although the + * third party does have some control over the the Referer and Origin headers. + */ + predicate isThirdPartyControllable() { + this.getKind() = [parameterInputKind(), urlInputKind(), bodyInputKind()] + } } /** Provides a class for modeling new HTTP request inputs. */ @@ -321,6 +377,12 @@ module Http { * This is typically the name of the method that gives rise to this input. */ abstract string getSourceType(); + + /** + * Gets the kind of the accessed input, + * Can be one of "parameter", "header", "body", "url", "cookie". + */ + abstract RequestInputKind getKind(); } } @@ -343,6 +405,12 @@ module Http { /** Gets a string that identifies the framework used for this route setup. */ string getFramework() { result = super.getFramework() } + + /** + * Gets an HTTP method name, in all caps, that this handler will respond to. + * Handlers can potentially respond to multiple HTTP methods. + */ + string getAnHttpMethod() { result = super.getAnHttpMethod() } } /** Provides a class for modeling new HTTP request handlers. */ @@ -364,6 +432,12 @@ module Http { /** Gets a string that identifies the framework used for this request handler. */ abstract string getFramework(); + + /** + * Gets an HTTP method name, in all caps, that this handler will respond to. + * Handlers can potentially respond to multiple HTTP methods. + */ + abstract string getAnHttpMethod(); } } @@ -378,6 +452,8 @@ module Http { } override string getFramework() { result = rs.getFramework() } + + override string getAnHttpMethod() { result = rs.getHttpMethod() } } /** A parameter that will receive parts of the url when handling an incoming request. */ @@ -387,6 +463,39 @@ module Http { RoutedParameter() { this.getParameter() = handler.getARoutedParameter() } override string getSourceType() { result = handler.getFramework() + " RoutedParameter" } + + override RequestInputKind getKind() { result = parameterInputKind() } + } + + /** + * A data flow node that writes data to a header in an HTTP response. + * + * Extend this class to refine existing API models. If you want to model new APIs, + * extend `HeaderWriteAccess::Range` instead. + */ + class HeaderWriteAccess extends DataFlow::Node instanceof HeaderWriteAccess::Range { + /** Gets the (lower case) name of the header that is written to. */ + string getName() { result = super.getName().toLowerCase() } + + /** Gets the value that is written to the header. */ + DataFlow::Node getValue() { result = super.getValue() } + } + + /** Provides a class for modeling new HTTP header writes. */ + module HeaderWriteAccess { + /** + * A data flow node that writes data to the header in an HTTP response. + * + * Extend this class to model new APIs. If you want to refine existing API models, + * extend `HeaderWriteAccess` instead. + */ + abstract class Range extends DataFlow::Node { + /** Gets the name of the header that is written to. */ + abstract string getName(); + + /** Gets the value that is written to the header. */ + abstract DataFlow::Node getValue(); + } } /** diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll index 868489ad26b..f89040b1d5d 100644 --- a/ruby/ql/lib/codeql/ruby/Frameworks.qll +++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll @@ -5,6 +5,8 @@ private import codeql.ruby.frameworks.Core private import codeql.ruby.frameworks.ActionCable private import codeql.ruby.frameworks.ActionController +private import codeql.ruby.frameworks.ActiveJob +private import codeql.ruby.frameworks.ActionMailer private import codeql.ruby.frameworks.ActiveRecord private import codeql.ruby.frameworks.ActiveResource private import codeql.ruby.frameworks.ActiveStorage diff --git a/ruby/ql/lib/codeql/ruby/ast/Call.qll b/ruby/ql/lib/codeql/ruby/ast/Call.qll index df9e1fa8403..04ac15ededc 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Call.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Call.qll @@ -106,7 +106,7 @@ class MethodCall extends Call instanceof MethodCallImpl { final Block getBlock() { result = super.getBlockImpl() } /** - * Holds if the safe nagivation operator (`&.`) is used in this call. + * Holds if the safe navigation operator (`&.`) is used in this call. * ```rb * foo&.empty? * ``` diff --git a/ruby/ql/lib/codeql/ruby/ast/Constant.qll b/ruby/ql/lib/codeql/ruby/ast/Constant.qll index d62056c866f..a6658fb63c0 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Constant.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Constant.qll @@ -65,7 +65,7 @@ class ConstantValue extends TConstantValue { /** Holds if this is the string value `s`. */ predicate isString(string s) { s = this.getString() } - /** Gets the symbol value (exluding the `:` prefix), if this is a symbol. */ + /** Gets the symbol value (excluding the `:` prefix), if this is a symbol. */ string getSymbol() { this = TSymbol(result) } /** Holds if this is the symbol value `:s`. */ diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll index 67b53baa51c..50222e742b5 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll @@ -138,9 +138,26 @@ private module Cached { cached string resolveConstantWrite(ConstantWriteAccess c) { result = resolveConstantWriteAccess(c) } + /** + * Gets a method named `name` that is available in module `m`. This includes methods + * that are included/prepended into `m` and methods available on base classes of `m`. + */ cached Method lookupMethod(Module m, string name) { TMethod(result) = lookupMethodOrConst(m, name) } + /** + * Gets a method named `name` that is available in a sub class of module `m`. This + * includes methods that are included/prepended into any of the sub classes of `m`, + * but not methods inherited from base classes. + */ + cached + Method lookupMethodInSubClasses(Module m, string name) { + exists(Module sub | sub.getSuperClass() = m | + TMethod(result) = lookupMethodOrConst0(sub, name) or + result = lookupMethodInSubClasses(sub, name) + ) + } + cached Expr lookupConst(Module m, string name) { TExpr(result) = lookupMethodOrConst(m, name) @@ -394,7 +411,7 @@ private module ResolveImpl { /** * The qualified names of the ancestors of a class/module. The ancestors should be an ordered list - * of the ancestores of `prepend`ed modules, the module itself , the ancestors or `include`d modules + * of the ancestors of `prepend`ed modules, the module itself , the ancestors or `include`d modules * and the ancestors of the super class. The priority value only distinguishes the kind of ancestor, * it does not order the ancestors within a group of the same kind. This is an over-approximation, however, * computing the precise order is tricky because it depends on the evaluation/file loading order. diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll index 454a8119dd6..01c4c263246 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll @@ -676,7 +676,9 @@ private class SelfVariableAccessReal extends SelfVariableAccessImpl, TSelfReal { private SelfVariable var; SelfVariableAccessReal() { - exists(Ruby::Self self | this = TSelfReal(self) and var = TSelfVariable(scopeOf(self))) + exists(Ruby::Self self | + this = TSelfReal(self) and var = TSelfVariable(scopeOf(self).getEnclosingSelfScope()) + ) } final override SelfVariable getVariableImpl() { result = var } diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll index 5cf68d31a5d..f7be488d0fd 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll @@ -687,6 +687,15 @@ module ExprNodes { final ExprCfgNode getValue() { e.hasCfgChild(e.getValue(), this, result) } } + /** A control-flow node that wraps a `VariableAccess` AST expression. */ + class VariableAccessCfgNode extends ExprCfgNode { + override string getAPrimaryQlClass() { result = "VariableAccessCfgNode" } + + override VariableAccess e; + + final override VariableAccess getExpr() { result = ExprCfgNode.super.getExpr() } + } + /** A control-flow node that wraps a `VariableReadAccess` AST expression. */ class VariableReadAccessCfgNode extends ExprCfgNode { override string getAPrimaryQlClass() { result = "VariableReadAccessCfgNode" } diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll index 7d0dd10c084..dbd90ba0ae1 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll @@ -885,7 +885,7 @@ module TestOutput { /** * Gets a string used to resolve ties in node and edge ordering. */ - string getOrderDisambuigation() { result = "" } + string getOrderDisambiguation() { result = "" } } query predicate nodes(RelevantNode n, string attr, string val) { @@ -900,7 +900,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(), - p.getOrderDisambuigation() + p.getOrderDisambiguation() ) ).toString() } @@ -923,7 +923,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(), - s.getOrderDisambuigation() + s.getOrderDisambiguation() ) ).toString() } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll index 80c131f3677..5f3e11d2703 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll @@ -46,7 +46,7 @@ module SummaryComponent { /** * Gets a summary component that represents an element in a collection at a specific - * known index `cv`, or an uknown index. + * known index `cv`, or an unknown index. */ SummaryComponent elementKnownOrUnknown(ConstantValue cv) { result = SC::content(TKnownOrUnknownElementContent(TKnownElementContent(cv))) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/RemoteFlowSources.qll b/ruby/ql/lib/codeql/ruby/dataflow/RemoteFlowSources.qll index de85af6b938..db1dfee61d7 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/RemoteFlowSources.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/RemoteFlowSources.qll @@ -1,5 +1,5 @@ /** - * Provides an extension point for for modeling user-controlled data. + * Provides an extension point for modeling user-controlled data. * Such data is often used as data-flow sources in security queries. */ diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll index f988ea43779..23daff2dbcb 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll @@ -151,17 +151,24 @@ private class NormalCall extends DataFlowCall, TNormalCall { override Location getLocation() { result = c.getLocation() } } +/** A call for which we want to compute call targets. */ +private class RelevantCall extends CfgNodes::ExprNodes::CallCfgNode { + pragma[nomagic] + RelevantCall() { + // Temporarily disable operation resolution (due to bad performance) + not this.getExpr() instanceof Operation + } +} + pragma[nomagic] -private predicate methodCall( - CfgNodes::ExprNodes::CallCfgNode call, DataFlow::Node receiver, string method -) { +private predicate methodCall(RelevantCall call, DataFlow::Node receiver, string method) { method = call.getExpr().(MethodCall).getMethodName() and receiver.asExpr() = call.getReceiver() } pragma[nomagic] -private predicate flowsToMethodCall( - CfgNodes::ExprNodes::CallCfgNode call, DataFlow::LocalSourceNode sourceNode, string method +private predicate flowsToMethodCallReceiver( + RelevantCall call, DataFlow::LocalSourceNode sourceNode, string method ) { exists(DataFlow::Node receiver | methodCall(call, receiver, method) and @@ -169,7 +176,12 @@ private predicate flowsToMethodCall( ) } -private Block yieldCall(CfgNodes::ExprNodes::CallCfgNode call) { +pragma[nomagic] +private predicate moduleFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) { + flowsToMethodCallReceiver(call, trackModuleAccess(m), method) +} + +private Block yieldCall(RelevantCall call) { call.getExpr() instanceof YieldCall and exists(BlockParameterNode node | node = trackBlock(result) and @@ -178,7 +190,7 @@ private Block yieldCall(CfgNodes::ExprNodes::CallCfgNode call) { } pragma[nomagic] -private predicate superCall(CfgNodes::ExprNodes::CallCfgNode call, Module superClass, string method) { +private predicate superCall(RelevantCall call, Module superClass, string method) { call.getExpr() instanceof SuperCall and exists(Module tp | tp = call.getExpr().getEnclosingModule().getModule() and @@ -187,20 +199,6 @@ private predicate superCall(CfgNodes::ExprNodes::CallCfgNode call, Module superC ) } -pragma[nomagic] -private predicate instanceMethodCall(CfgNodes::ExprNodes::CallCfgNode call, Module tp, string method) { - exists(DataFlow::Node receiver, Module m, boolean exact | - methodCall(call, receiver, method) and - receiver = trackInstance(m, exact) - | - tp = m - or - // When we don't know the exact type, it could be any sub class - exact = false and - tp.getSuperClass+() = m - ) -} - /** Holds if `self` belongs to module `m`. */ pragma[nomagic] private predicate selfInModule(SelfVariable self, Module m) { @@ -318,6 +316,19 @@ private predicate extendCallModule(Module m, Module n) { ) } +/** + * Gets a method available in module `m`, or in one of `m`'s transitive + * sub classes when `exact = false`. + */ +pragma[nomagic] +private Method lookupMethod(Module m, string name, boolean exact) { + result = lookupMethod(m, name) and + exact in [false, true] + or + result = lookupMethodInSubClasses(m, name) and + exact = false +} + cached private module Cached { cached @@ -332,100 +343,139 @@ private module Cached { FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) } - cached - CfgScope getTarget(CfgNodes::ExprNodes::CallCfgNode call) { - // Temporarily disable operation resolution (due to bad performance) - not call.getExpr() instanceof Operation and - ( - exists(string method | - exists(Module tp | - instanceMethodCall(call, tp, method) and - result = lookupMethod(tp, method) and - ( - if result.(Method).isPrivate() - then - call.getReceiver().getExpr() instanceof SelfVariableAccess and - // For now, we restrict the scope of top-level declarations to their file. - // This may remove some plausible targets, but also removes a lot of - // implausible targets - if result.getEnclosingModule() instanceof Toplevel - then result.getFile() = call.getFile() - else any() - else any() - ) and - if result.(Method).isProtected() - then result = lookupMethod(call.getExpr().getEnclosingModule().getModule(), method) - else any() - ) - or - // singleton method defined on an instance, e.g. - // ```rb - // c = C.new - // def c.singleton; end # <- result - // c.singleton # <- call - // ``` - // or an `extend`ed instance, e.g. - // ```rb - // c = C.new - // module M - // def instance; end # <- result - // end - // c.extend M - // c.instance # <- call - // ``` - exists(DataFlow::Node receiver | - methodCall(call, receiver, method) and - receiver = trackSingletonMethodOnInstance(result, method) - ) - or - // singleton method defined on a module - // or an `extend`ed module, e.g. - // ```rb - // module M - // def instance; end # <- result - // end - // M.extend(M) - // M.instance # <- call - // ``` - exists(DataFlow::Node sourceNode, Module m | - flowsToMethodCall(call, sourceNode, method) and - result = lookupSingletonMethod(m, method) - | - // ```rb - // def C.singleton; end # <- result - // C.singleton # <- call - // ``` - sourceNode = trackModuleAccess(m) - or - // ```rb - // class C - // def self.singleton; end # <- result - // self.singleton # <- call - // end - // ``` - selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) - or - // ```rb - // class C - // def self.singleton; end # <- result - // def self.other - // self.singleton # <- call - // end - // end - // ``` - selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), _, m.getSuperClass*()) - ) - ) - or - exists(Module superClass, string method | - superCall(call, superClass, method) and - result = lookupMethod(superClass, method) - ) - or - result = yieldCall(call) + pragma[nomagic] + private Method lookupInstanceMethodCall(RelevantCall call, string method, boolean exact) { + exists(Module tp, DataFlow::Node receiver | + methodCall(call, pragma[only_bind_into](receiver), pragma[only_bind_into](method)) and + receiver = trackInstance(tp, exact) and + result = lookupMethod(tp, pragma[only_bind_into](method), exact) ) } + pragma[nomagic] + private predicate isToplevelMethodInFile(Method m, File f) { + m.getEnclosingModule() instanceof Toplevel and + f = m.getFile() + } + + /** Holds if a `self` access may be the receiver of `call` directly inside module `m`. */ + pragma[nomagic] + private predicate selfInModuleFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) { + exists(SsaSelfDefinitionNode self | + flowsToMethodCallReceiver(call, self, method) and + selfInModule(self.getVariable(), m) + ) + } + + /** + * Holds if a `self` access may be the receiver of `call` inside some singleton method, where + * that method belongs to `m` or one of `m`'s transitive super classes. + */ + pragma[nomagic] + private predicate selfInSingletonMethodFlowsToMethodCallReceiver( + RelevantCall call, Module m, string method + ) { + exists(SsaSelfDefinitionNode self, Module target, MethodBase caller | + flowsToMethodCallReceiver(call, self, method) and + target = m.getSuperClass*() and + selfInMethod(self.getVariable(), caller, target) and + singletonMethod(caller, _, _) and + // Singleton methods declared in a block in the top-level may spuriously end up being seen as singleton + // methods on Object, if the block is actually evaluated in the context of another class. + // The 'self' inside such a singleton method could then be any class, leading to self-calls + // being resolved to arbitrary singleton methods. + // To remedy this, we do not allow following super-classes all the way to Object. + not (m != target and target = TResolved("Object")) + ) + } + + cached + CfgScope getTarget(RelevantCall call) { + exists(string method | + exists(boolean exact | + result = lookupInstanceMethodCall(call, method, exact) and + ( + if result.(Method).isPrivate() + then + call.getReceiver().getExpr() instanceof SelfVariableAccess and + // For now, we restrict the scope of top-level declarations to their file. + // This may remove some plausible targets, but also removes a lot of + // implausible targets + ( + isToplevelMethodInFile(result, call.getFile()) or + not isToplevelMethodInFile(result, _) + ) + else any() + ) and + if result.(Method).isProtected() + then result = lookupMethod(call.getExpr().getEnclosingModule().getModule(), method, exact) + else any() + ) + or + // singleton method defined on an instance, e.g. + // ```rb + // c = C.new + // def c.singleton; end # <- result + // c.singleton # <- call + // ``` + // or an `extend`ed instance, e.g. + // ```rb + // c = C.new + // module M + // def instance; end # <- result + // end + // c.extend M + // c.instance # <- call + // ``` + exists(DataFlow::Node receiver | + methodCall(call, receiver, method) and + receiver = trackSingletonMethodOnInstance(result, method) + ) + or + // singleton method defined on a module + // or an `extend`ed module, e.g. + // ```rb + // module M + // def instance; end # <- result + // end + // M.extend(M) + // M.instance # <- call + // ``` + exists(Module m | result = lookupSingletonMethod(m, method) | + // ```rb + // def C.singleton; end # <- result + // C.singleton # <- call + // ``` + moduleFlowsToMethodCallReceiver(call, m, method) + or + // ```rb + // class C + // def self.singleton; end # <- result + // self.singleton # <- call + // end + // ``` + selfInModuleFlowsToMethodCallReceiver(call, m, method) + or + // ```rb + // class C + // def self.singleton; end # <- result + // def self.other + // self.singleton # <- call + // end + // end + // ``` + selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method) + ) + ) + or + exists(Module superClass, string method | + superCall(call, superClass, method) and + result = lookupMethod(superClass, method) + ) + or + result = yieldCall(call) + } + /** Gets a viable run-time target for the call `call`. */ cached DataFlowCallable viableCallable(DataFlowCall call) { @@ -551,8 +601,8 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) { tp = TResolved("Proc") and exact = true or - exists(CfgNodes::ExprNodes::CallCfgNode call, DataFlow::LocalSourceNode sourceNode | - flowsToMethodCall(call, sourceNode, "new") and + exists(RelevantCall call, DataFlow::LocalSourceNode sourceNode | + flowsToMethodCallReceiver(call, sourceNode, "new") and exact = true and n.asExpr() = call | @@ -834,10 +884,7 @@ pragma[nomagic] private predicate paramReturnFlow( DataFlow::Node nodeFrom, DataFlow::PostUpdateNode nodeTo, StepSummary summary ) { - exists( - CfgNodes::ExprNodes::CallCfgNode call, DataFlow::Node arg, DataFlow::ParameterNode p, - Expr nodeFromPreExpr - | + exists(RelevantCall call, DataFlow::Node arg, DataFlow::ParameterNode p, Expr nodeFromPreExpr | TypeTrackerSpecific::callStep(call, arg, p) and nodeTo.getPreUpdateNode() = arg and summary.toString() = "return" and @@ -911,8 +958,7 @@ private predicate isInstanceLocalMustFlow(DataFlow::Node n, Module tp, boolean e */ pragma[nomagic] private predicate mayBenefitFromCallContext0( - CfgNodes::ExprNodes::CallCfgNode ctx, ArgumentNode arg, CfgNodes::ExprNodes::CallCfgNode call, - Callable encl, string name + RelevantCall ctx, ArgumentNode arg, RelevantCall call, Callable encl, string name ) { exists( ParameterNodeImpl p, SsaDefinitionNode ssaNode, ParameterPosition ppos, ArgumentPosition apos @@ -920,7 +966,7 @@ private predicate mayBenefitFromCallContext0( // the receiver of `call` references `p` ssaNode = trackInstance(_, _) and LocalFlow::localFlowSsaParamInput(p, ssaNode) and - flowsToMethodCall(pragma[only_bind_into](call), pragma[only_bind_into](ssaNode), + flowsToMethodCallReceiver(pragma[only_bind_into](call), pragma[only_bind_into](ssaNode), pragma[only_bind_into](name)) and // `p` is a parameter of `encl`, encl = call.getScope() and @@ -943,8 +989,7 @@ private predicate mayBenefitFromCallContext0( */ pragma[nomagic] private predicate mayBenefitFromCallContext1( - CfgNodes::ExprNodes::CallCfgNode ctx, CfgNodes::ExprNodes::CallCfgNode call, Callable encl, - Module tp, boolean exact, string name + RelevantCall ctx, RelevantCall call, Callable encl, Module tp, boolean exact, string name ) { exists(ArgumentNode arg | mayBenefitFromCallContext0(ctx, pragma[only_bind_into](arg), call, encl, @@ -972,19 +1017,14 @@ predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) { pragma[nomagic] DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { // `ctx` can provide a potentially better type bound - exists(CfgNodes::ExprNodes::CallCfgNode call0, Callable res | + exists(RelevantCall call0, Callable res | call0 = call.asCall() and res = result.asCallable() and res = getTarget(call0) and // make sure to not include e.g. private methods - exists(Module tp, Module m, boolean exact, string name | - res = lookupMethod(tp, name) and + exists(Module m, boolean exact, string name | + res = lookupMethod(m, name, exact) and mayBenefitFromCallContext1(ctx.asCall(), pragma[only_bind_into](call0), _, pragma[only_bind_into](m), exact, pragma[only_bind_into](name)) - | - tp = m - or - exact = false and - tp.getSuperClass+() = m ) ) or diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll index 9053019a6d0..b5631b26b0b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll index 9053019a6d0..b5631b26b0b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll index 9053019a6d0..b5631b26b0b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll index 9053019a6d0..b5631b26b0b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index 41c2e6485fe..89010d75235 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -735,6 +735,9 @@ class SummaryNode extends NodeImpl, TSummaryNode { SummaryNode() { this = TSummaryNode(c, state) } + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { result = c } + override CfgScope getCfgScope() { none() } override DataFlowCallable getEnclosingCallable() { result.asLibraryCallable() = c } @@ -1000,6 +1003,8 @@ predicate jumpStep(Node pred, Node succ) { succ.(SsaDefinitionNode).getDefinition()) or succ.asExpr().getExpr().(ConstantReadAccess).getValue() = pred.asExpr().getExpr() + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ) } private ContentSet getKeywordContent(string name) { @@ -1162,8 +1167,8 @@ private module PostUpdateNodes { ExprPostUpdateNode() { this = TExprPostUpdateNode(e) } override ExprNode getPreUpdateNode() { - // For compund arguments, such as `m(if b then x else y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compund argument, + // For compound arguments, such as `m(if b then x else y)`, we want the leaf nodes + // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, // respectively. // diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index a89e4964b8b..5a6883a5fe4 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -443,15 +443,24 @@ signature predicate guardChecksSig(CfgNodes::ExprCfgNode g, CfgNode e, boolean b * in data flow and taint tracking. */ module BarrierGuard { + pragma[nomagic] + private predicate guardChecksSsaDef(CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def) { + guardChecks(g, def.getARead(), branch) + } + + pragma[nomagic] + private predicate guardControlsSsaDef( + CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def, Node n + ) { + def.getARead() = n.asExpr() and + guardControlsBlock(g, n.asExpr().getBasicBlock(), branch) + } + /** Gets a node that is safely guarded by the given guard check. */ Node getABarrierNode() { - exists( - CfgNodes::ExprCfgNode g, boolean branch, CfgNodes::ExprCfgNode testedNode, Ssa::Definition def - | - def.getARead() = testedNode and - def.getARead() = result.asExpr() and - guardChecks(g, testedNode, branch) and - guardControlsBlock(g, result.asExpr().getBasicBlock(), branch) + exists(CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def | + guardChecksSsaDef(g, branch, def) and + guardControlsSsaDef(g, branch, def, result) ) or result.asExpr() = getAMaybeGuardedCapturedDef().getARead() diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll index a13c7cd1224..275569b4c02 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -871,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -894,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll index 997c5a82c81..0fde6438872 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll @@ -44,6 +44,9 @@ DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { an */ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } + /** * Holds if an external flow summary exists for `c` with input specification * `input`, output specification `output`, kind `kind`, and a flag `generated` diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll index c4fb3ccee0e..ed3a1b4f88e 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll @@ -64,7 +64,7 @@ predicate uninitializedWrite(Cfg::EntryBasicBlock bb, int i, LocalVariable v) { i = -1 } -/** Holds if `bb` contains a caputured read of variable `v`. */ +/** Holds if `bb` contains a captured read of variable `v`. */ pragma[noinline] private predicate hasCapturedVariableRead(Cfg::BasicBlock bb, LocalVariable v) { exists(LocalVariableReadAccess read | @@ -74,7 +74,7 @@ private predicate hasCapturedVariableRead(Cfg::BasicBlock bb, LocalVariable v) { ) } -/** Holds if `bb` contains a caputured write to variable `v`. */ +/** Holds if `bb` contains a captured write to variable `v`. */ pragma[noinline] private predicate writesCapturedVariable(Cfg::BasicBlock bb, LocalVariable v) { exists(LocalVariableWriteAccess write | diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingImpl.qll deleted file mode 100644 index bf937b6de31..00000000000 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingImpl.qll +++ /dev/null @@ -1,191 +0,0 @@ -/** - * Provides an implementation of global (interprocedural) taint tracking. - * This file re-exports the local (intraprocedural) taint-tracking analysis - * from `TaintTrackingParameter::Public` and adds a global analysis, mainly - * exposed through the `Configuration` class. For some languages, this file - * exists in several identical copies, allowing queries to use multiple - * `Configuration` classes that depend on each other without introducing - * mutual recursion among those configurations. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -/** - * A configuration of interprocedural taint tracking analysis. This defines - * sources, sinks, and any other configurable aspect of the analysis. Each - * use of the taint tracking library must define its own unique extension of - * this abstract class. - * - * A taint-tracking configuration is a special data flow configuration - * (`DataFlow::Configuration`) that allows for flow through nodes that do not - * necessarily preserve values but are still relevant from a taint tracking - * perspective. (For example, string concatenation, where one of the operands - * is tainted.) - * - * To create a configuration, extend this class with a subclass whose - * characteristic predicate is a unique singleton string. For example, write - * - * ```ql - * class MyAnalysisConfiguration extends TaintTracking::Configuration { - * MyAnalysisConfiguration() { this = "MyAnalysisConfiguration" } - * // Override `isSource` and `isSink`. - * // Optionally override `isSanitizer`. - * // Optionally override `isSanitizerIn`. - * // Optionally override `isSanitizerOut`. - * // Optionally override `isSanitizerGuard`. - * // Optionally override `isAdditionalTaintStep`. - * } - * ``` - * - * Then, to query whether there is flow between some `source` and `sink`, - * write - * - * ```ql - * exists(MyAnalysisConfiguration cfg | cfg.hasFlow(source, sink)) - * ``` - * - * Multiple configurations can coexist, but it is unsupported to depend on - * another `TaintTracking::Configuration` or a `DataFlow::Configuration` in the - * overridden predicates that define sources, sinks, or additional steps. - * Instead, the dependency should go to a `TaintTracking2::Configuration` or a - * `DataFlow2::Configuration`, `DataFlow3::Configuration`, etc. - */ -abstract class Configuration extends DataFlow::Configuration { - bindingset[this] - Configuration() { any() } - - /** - * Holds if `source` is a relevant taint source. - * - * The smaller this predicate is, the faster `hasFlow()` will converge. - */ - // overridden to provide taint-tracking specific qldoc - override predicate isSource(DataFlow::Node source) { none() } - - /** - * Holds if `source` is a relevant taint source with the given initial - * `state`. - * - * The smaller this predicate is, the faster `hasFlow()` will converge. - */ - // overridden to provide taint-tracking specific qldoc - override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { none() } - - /** - * Holds if `sink` is a relevant taint sink - * - * The smaller this predicate is, the faster `hasFlow()` will converge. - */ - // overridden to provide taint-tracking specific qldoc - override predicate isSink(DataFlow::Node sink) { none() } - - /** - * Holds if `sink` is a relevant taint sink accepting `state`. - * - * The smaller this predicate is, the faster `hasFlow()` will converge. - */ - // overridden to provide taint-tracking specific qldoc - override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { none() } - - /** Holds if the node `node` is a taint sanitizer. */ - predicate isSanitizer(DataFlow::Node node) { none() } - - final override predicate isBarrier(DataFlow::Node node) { - this.isSanitizer(node) or - defaultTaintSanitizer(node) - } - - /** - * Holds if the node `node` is a taint sanitizer when the flow state is - * `state`. - */ - predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) { none() } - - final override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) { - this.isSanitizer(node, state) - } - - /** Holds if taint propagation into `node` is prohibited. */ - predicate isSanitizerIn(DataFlow::Node node) { none() } - - final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) } - - /** Holds if taint propagation out of `node` is prohibited. */ - predicate isSanitizerOut(DataFlow::Node node) { none() } - - final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - - /** - * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. - */ - predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() } - - final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - /** - * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. - * This step is only applicable in `state1` and updates the flow state to `state2`. - */ - predicate isAdditionalTaintStep( - DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2, - DataFlow::FlowState state2 - ) { - none() - } - - final override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2, - DataFlow::FlowState state2 - ) { - this.isAdditionalTaintStep(node1, state1, node2, state2) - } - - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - ( - this.isSink(node) or - this.isSink(node, _) or - this.isAdditionalTaintStep(node, _) or - this.isAdditionalTaintStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } - - /** - * Holds if taint may flow from `source` to `sink` for this configuration. - */ - // overridden to provide taint-tracking specific qldoc - override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) { - super.hasFlow(source, sink) - } -} diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingParameter.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingParameter.qll deleted file mode 100644 index 77949aa5ccf..00000000000 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforregexp/TaintTrackingParameter.qll +++ /dev/null @@ -1,6 +0,0 @@ -import codeql.ruby.dataflow.internal.TaintTrackingPublic as Public - -module Private { - import codeql.ruby.dataflow.internal.DataFlowImplForRegExp as DataFlow - import codeql.ruby.dataflow.internal.TaintTrackingPrivate -} diff --git a/ruby/ql/lib/codeql/ruby/experimental/Rbi.qll b/ruby/ql/lib/codeql/ruby/experimental/Rbi.qll index 00b59110adc..008089a6251 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/Rbi.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/Rbi.qll @@ -417,7 +417,7 @@ module Rbi { override ReturnType getReturnType() { result = ReturnsCall.super.getReturnType() } } - /** A call to `void` that spcifies that a given method does not return a useful value. */ + /** A call to `void` that specifies that a given method does not return a useful value. */ class MethodVoidCall extends MethodReturnsTypeCall instanceof VoidCall { override ReturnType getReturnType() { result = VoidCall.super.getReturnType() } } @@ -448,7 +448,7 @@ module Rbi { } /** - * A call to `void` that spcifies that a given proc or block does not return + * A call to `void` that specifies that a given proc or block does not return * a useful value. */ class ProcVoidCall extends ProcReturnsTypeCall instanceof VoidCall { diff --git a/ruby/ql/lib/codeql/ruby/filters/GeneratedCode.qll b/ruby/ql/lib/codeql/ruby/filters/GeneratedCode.qll index 8e48a82ae1d..e1e4fb085a0 100644 --- a/ruby/ql/lib/codeql/ruby/filters/GeneratedCode.qll +++ b/ruby/ql/lib/codeql/ruby/filters/GeneratedCode.qll @@ -6,7 +6,7 @@ private import codeql.ruby.ast.internal.TreeSitter /** A source file that contains generated code. */ abstract class GeneratedCodeFile extends RubyFile { } -/** A file contining comments suggesting it contains generated code. */ +/** A file continuing comments suggesting it contains generated code. */ class GeneratedCommentFile extends GeneratedCodeFile { GeneratedCommentFile() { this = any(GeneratedCodeComment c).getLocation().getFile() } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll index 8556c167b5d..e56df1465f6 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll @@ -83,6 +83,8 @@ class ActionControllerActionMethod extends Method, Http::Server::RequestHandler: override string getFramework() { result = "ActionController" } + override string getAnHttpMethod() { result = this.getARoute().getHttpMethod() } + /** Gets a call to render from within this method. */ Rails::RenderCall getARenderCall() { result.getParent+() = this } @@ -139,6 +141,8 @@ class ParamsSource extends Http::Server::RequestInputAccess::Range { ParamsSource() { this.asExpr().getExpr() instanceof Rails::ParamsCall } override string getSourceType() { result = "ActionController::Metal#params" } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::parameterInputKind() } } /** @@ -149,6 +153,8 @@ class CookiesSource extends Http::Server::RequestInputAccess::Range { CookiesSource() { this.asExpr().getExpr() instanceof Rails::CookiesCall } override string getSourceType() { result = "ActionController::Metal#cookies" } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::cookieInputKind() } } /** A call to `cookies` from within a controller. */ @@ -161,6 +167,140 @@ private class ActionControllerParamsCall extends ActionControllerContextCall, Pa ActionControllerParamsCall() { this.getMethodName() = "params" } } +/** Modeling for `ActionDispatch::Request`. */ +private module Request { + /** + * A call to `request` from within a controller. This is an instance of + * `ActionDispatch::Request`. + */ + private class RequestNode extends DataFlow::CallNode { + RequestNode() { + this.asExpr().getExpr() instanceof ActionControllerContextCall and + this.getMethodName() = "request" + } + } + + /** + * A method call on `request`. + */ + private class RequestMethodCall extends DataFlow::CallNode { + RequestMethodCall() { + any(RequestNode r).(DataFlow::LocalSourceNode).flowsTo(this.getReceiver()) + } + } + + abstract private class RequestInputAccess extends RequestMethodCall, + Http::Server::RequestInputAccess::Range { + override string getSourceType() { result = "ActionDispatch::Request#" + this.getMethodName() } + } + + /** + * A method call on `request` which returns request parameters. + */ + private class ParametersCall extends RequestInputAccess { + ParametersCall() { + this.getMethodName() = + [ + "parameters", "params", "GET", "POST", "query_parameters", "request_parameters", + "filtered_parameters" + ] + } + + override Http::Server::RequestInputKind getKind() { + result = Http::Server::parameterInputKind() + } + } + + /** A method call on `request` which returns part or all of the request path. */ + private class PathCall extends RequestInputAccess { + PathCall() { + this.getMethodName() = + ["path", "filtered_path", "fullpath", "original_fullpath", "original_url", "url"] + } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::urlInputKind() } + } + + /** A method call on `request` which returns a specific request header. */ + private class HeadersCall extends RequestInputAccess { + HeadersCall() { + this.getMethodName() = + [ + "authorization", "script_name", "path_info", "user_agent", "referer", "referrer", + "host_authority", "content_type", "host", "hostname", "accept_encoding", + "accept_language", "if_none_match", "if_none_match_etags", "content_mime_type" + ] + or + // Request headers are prefixed with `HTTP_` to distinguish them from + // "headers" supplied by Rack middleware. + this.getMethodName() = ["get_header", "fetch_header"] and + this.getArgument(0).asExpr().getExpr().getConstantValue().getString().regexpMatch("^HTTP_.+") + } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::headerInputKind() } + } + + // TODO: each_header + /** + * A method call on `request` which returns part or all of the host. + * This can be influenced by headers such as Host and X-Forwarded-Host. + */ + private class HostCall extends RequestInputAccess { + HostCall() { + this.getMethodName() = + [ + "authority", "host", "host_authority", "host_with_port", "hostname", "forwarded_for", + "forwarded_host", "port", "forwarded_port" + ] + } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::headerInputKind() } + } + + /** + * A method call on `request` which is influenced by one or more request + * headers. + */ + private class HeaderTaintedCall extends RequestInputAccess { + HeaderTaintedCall() { + this.getMethodName() = ["media_type", "media_type_params", "content_charset", "base_url"] + } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::headerInputKind() } + } + + /** A method call on `request` which returns the request body. */ + private class BodyCall extends RequestInputAccess { + BodyCall() { this.getMethodName() = ["body", "raw_post"] } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::bodyInputKind() } + } + + /** + * A method call on `request` which returns the rack env. + * This is a hash containing all the information about the request. Values + * under keys starting with `HTTP_` are user-controlled. + */ + private class EnvCall extends RequestMethodCall { + EnvCall() { this.getMethodName() = ["env", "filtered_env"] } + } + + /** + * A read of a user-controlled parameter from the request env. + */ + private class EnvHttpAccess extends DataFlow::CallNode, Http::Server::RequestInputAccess::Range { + EnvHttpAccess() { + any(EnvCall c).(DataFlow::LocalSourceNode).flowsTo(this.getReceiver()) and + this.getMethodName() = "[]" and + this.getArgument(0).asExpr().getExpr().getConstantValue().getString().regexpMatch("^HTTP_.+") + } + + override Http::Server::RequestInputKind getKind() { result = Http::Server::headerInputKind() } + + override string getSourceType() { result = "ActionDispatch::Request#env[]" } + } +} + /** A call to `render` from within a controller. */ private class ActionControllerRenderCall extends ActionControllerContextCall, RenderCallImpl { ActionControllerRenderCall() { this.getMethodName() = "render" } @@ -171,14 +311,6 @@ private class ActionControllerRenderToCall extends ActionControllerContextCall, ActionControllerRenderToCall() { this.getMethodName() = ["render_to_body", "render_to_string"] } } -/** A call to `html_safe` from within a controller. */ -private class ActionControllerHtmlSafeCall extends HtmlSafeCallImpl { - ActionControllerHtmlSafeCall() { - this.getMethodName() = "html_safe" and - this.getEnclosingModule() instanceof ActionControllerControllerClass - } -} - /** A call to `html_escape` from within a controller. */ private class ActionControllerHtmlEscapeCall extends HtmlEscapeCallImpl { ActionControllerHtmlEscapeCall() { @@ -376,8 +508,11 @@ private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetti */ private class SendFile extends FileSystemAccess::Range, DataFlow::CallNode { SendFile() { - this.asExpr().getExpr() instanceof ActionControllerContextCall and - this.getMethodName() = "send_file" + this.getMethodName() = "send_file" and + ( + this.asExpr().getExpr() instanceof ActionControllerContextCall or + this.getReceiver().asExpr().getExpr() instanceof Response::ResponseCall + ) } override DataFlow::Node getAPathArgument() { result = this.getArgument(0) } @@ -502,3 +637,94 @@ private module ParamsSummaries { } } } + +/** + * Provides modeling for `ActionDispatch::Response`, which represents an HTTP + * response. + */ +private module Response { + class ResponseCall extends ActionControllerContextCall { + ResponseCall() { this.getMethodName() = "response" } + } + + class BodyWrite extends DataFlow::CallNode, Http::Server::HttpResponse::Range { + BodyWrite() { + this.getReceiver().asExpr().getExpr() instanceof ResponseCall and + this.getMethodName() = "body=" + } + + override DataFlow::Node getBody() { result = this.getArgument(0) } + + override DataFlow::Node getMimetypeOrContentTypeArg() { none() } + + override string getMimetypeDefault() { result = "text/http" } + } + + class SendFileCall extends DataFlow::CallNode, Http::Server::HttpResponse::Range { + SendFileCall() { + this.getReceiver().asExpr().getExpr() instanceof ResponseCall and + this.getMethodName() = "send_file" + } + + override DataFlow::Node getBody() { result = this.getArgument(0) } + + override DataFlow::Node getMimetypeOrContentTypeArg() { none() } + + override string getMimetypeDefault() { result = "application/octet-stream" } + } + + class HeaderWrite extends DataFlow::CallNode, Http::Server::HeaderWriteAccess::Range { + HeaderWrite() { + // response.header[key] = val + // response.headers[key] = val + exists(MethodCall headerCall | + headerCall.getMethodName() = ["header", "headers"] and + headerCall.getReceiver() instanceof ResponseCall + | + this.getReceiver().asExpr().getExpr() = headerCall and + this.getMethodName() = "[]=" + ) + or + // response.set_header(key) = val + // response[header] = val + // response.add_header(key, val) + this.getReceiver().asExpr().getExpr() instanceof ResponseCall and + this.getMethodName() = ["set_header", "[]=", "add_header"] + } + + override string getName() { + result = this.getArgument(0).asExpr().getConstantValue().getString() + } + + override DataFlow::Node getValue() { result = this.getArgument(1) } + } + + class SpecificHeaderWrite extends DataFlow::CallNode, Http::Server::HeaderWriteAccess::Range { + SpecificHeaderWrite() { + // response. = val + this.getReceiver().asExpr().getExpr() instanceof ResponseCall and + this.getMethodName() = + [ + "location=", "cache_control=", "_cache_control=", "etag=", "charset=", "content_type=", + "date=", "last_modified=", "weak_etag=", "strong_etag=" + ] + } + + override string getName() { + this.getMethodName() = "location=" and result = "location" + or + this.getMethodName() = ["_cache_control=", "cache_control="] and result = "cache-control" + or + this.getMethodName() = ["etag=", "weak_etag=", "strong_etag="] and result = "etag" + or + // sets the charset part of the content-type header + this.getMethodName() = ["charset=", "content_type="] and result = "content-type" + or + this.getMethodName() = "date=" and result = "date" + or + this.getMethodName() = "last_modified=" and result = "last-modified" + } + + override DataFlow::Node getValue() { result = this.getArgument(0) } + } +} diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionMailer.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionMailer.qll new file mode 100644 index 00000000000..af183333d3d --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionMailer.qll @@ -0,0 +1,53 @@ +/** + * Provides modeling for the `ActionMailer` library. + */ + +private import codeql.ruby.AST +private import codeql.ruby.ApiGraphs +private import codeql.ruby.frameworks.internal.Rails + +/** + * Provides modeling for the `ActionMailer` library. + */ +module ActionMailer { + /** + * A `ClassDeclaration` for a class that extends `ActionMailer::Base`. + * For example, + * + * ```rb + * class FooMailer < ActionMailer::Base + * ... + * end + * ``` + */ + class MailerClass extends ClassDeclaration { + MailerClass() { + this.getSuperclassExpr() = + [ + API::getTopLevelMember("ActionMailer").getMember("Base"), + // In Rails applications `ApplicationMailer` typically extends + // `ActionMailer::Base`, but we treat it separately in case the + // `ApplicationMailer` definition is not in the database. + API::getTopLevelMember("ApplicationMailer") + ].getASubclass().getAValueReachableFromSource().asExpr().getExpr() + } + } + + /** A method call with a `self` receiver from within a mailer class */ + private class ContextCall extends MethodCall { + private MailerClass mailerClass; + + ContextCall() { + this.getReceiver() instanceof SelfVariableAccess and + this.getEnclosingModule() = mailerClass + } + + /** Gets the mailer class containing this method. */ + MailerClass getMailerClass() { result = mailerClass } + } + + /** A call to `params` from within a mailer. */ + class ParamsCall extends ContextCall, ParamsCallImpl { + ParamsCall() { this.getMethodName() = "params" } + } +} diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll index dabb731895c..d977f49670b 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionView.qll @@ -39,11 +39,6 @@ predicate inActionViewContext(AstNode n) { n.getLocation().getFile() instanceof ErbFile } -/** A call to `html_safe` from within a template. */ -private class ActionViewHtmlSafeCall extends HtmlSafeCallImpl { - ActionViewHtmlSafeCall() { this.getMethodName() = "html_safe" and inActionViewContext(this) } -} - /** * A call to a Rails method that escapes HTML. */ diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll new file mode 100644 index 00000000000..aad917ccb2e --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveJob.qll @@ -0,0 +1,30 @@ +/** + * Modeling for `ActiveJob`, a framweork for declaring and enqueueing jobs that + * ships with Rails. + * https://rubygems.org/gems/activejob + */ + +private import codeql.ruby.ApiGraphs +private import codeql.ruby.Concepts +private import codeql.ruby.DataFlow + +/** Modeling for `ActiveJob`. */ +module ActiveJob { + /** + * `ActiveJob::Serializers` + */ + module Serializers { + /** + * A call to `ActiveJob::Serializers.deserialize`, which interprets part of + * its argument as a Ruby constant. + */ + class DeserializeCall extends DataFlow::CallNode, CodeExecution::Range { + DeserializeCall() { + this = + API::getTopLevelMember("ActiveJob").getMember("Serializers").getAMethodCall("deserialize") + } + + override DataFlow::Node getCode() { result = this.getArgument(0) } + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll index d21877fe49d..0cf990ad00a 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll @@ -140,6 +140,25 @@ module ActiveSupport { } } + /** + * Type summaries for extensions to the `Pathname` module. + */ + private class PathnameTypeSummary extends ModelInput::TypeModelCsv { + override predicate row(string row) { + // package1;type1;package2;type2;path + // Pathname#existence : Pathname + row = ";Pathname;;Pathname;Method[existence].ReturnValue" + } + } + + /** Taint flow summaries for extensions to the `Pathname` module. */ + private class PathnameTaintSummary extends ModelInput::SummaryModelCsv { + override predicate row(string row) { + // Pathname#existence + row = ";Pathname;Method[existence];Argument[self];ReturnValue;taint" + } + } + /** * `ActiveSupport::SafeBuffer` wraps a string, providing HTML-safe methods * for concatenation. diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Core.qll b/ruby/ql/lib/codeql/ruby/frameworks/Core.qll index 3e61b50dc04..6411dad64b5 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Core.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Core.qll @@ -15,6 +15,7 @@ import core.Hash import core.String import core.Regexp import core.IO +import core.Digest /** * A system command executed via subshell literal syntax. @@ -59,7 +60,7 @@ class SubshellHeredocExecution extends SystemCommandExecution::Range { private class SplatSummary extends SummarizedCallable { SplatSummary() { this = "*(splat)" } - override SplatExpr getACall() { any() } + override SplatExpr getACallSimple() { any() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( diff --git a/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll b/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll index 92f9ad275a7..daf9a9fb578 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/GraphQL.qll @@ -84,6 +84,9 @@ private class GraphqlSchemaResolverClass extends ClassDeclaration { } } +/** Gets an HTTP method that is supported for querying a GraphQL server. */ +private string getASupportedHttpMethod() { result = ["get", "post"] } + /** * A `ClassDeclaration` for a class that extends `GraphQL::Schema::Object`. * For example, @@ -120,7 +123,7 @@ class GraphqlSchemaObjectClass extends ClassDeclaration { * `GraphQL::Schema::RelayClassicMutation` or * `GraphQL::Schema::Resolver`. * - * Both of these classes have an overrideable `resolve` instance + * Both of these classes have an overridable `resolve` instance * method which can receive user input in order to resolve a query or mutation. */ private class GraphqlResolvableClass extends ClassDeclaration { @@ -144,7 +147,7 @@ private class GraphqlResolvableClass extends ClassDeclaration { * * ```rb * module Mutation - * class NameAnInstrument < BaseMutationn + * class NameAnInstrument < BaseMutation * argument :instrument_uuid, Types::Uuid, * required: true, * loads: ::Instrument, @@ -172,6 +175,8 @@ class GraphqlResolveMethod extends Method, Http::Server::RequestHandler::Range { override string getFramework() { result = "GraphQL" } + override string getAnHttpMethod() { result = getASupportedHttpMethod() } + /** Gets the mutation class containing this method. */ GraphqlResolvableClass getMutationClass() { result = resolvableClass } } @@ -188,7 +193,7 @@ class GraphqlResolveMethod extends Method, Http::Server::RequestHandler::Range { * * ```rb * module Mutation - * class NameAnInstrument < BaseMutationn + * class NameAnInstrument < BaseMutation * argument :instrument_uuid, Types::Uuid, * required: true, * loads: ::Instrument, @@ -219,6 +224,8 @@ class GraphqlLoadMethod extends Method, Http::Server::RequestHandler::Range { override string getFramework() { result = "GraphQL" } + override string getAnHttpMethod() { result = getASupportedHttpMethod() } + /** Gets the mutation class containing this method. */ GraphqlResolvableClass getMutationClass() { result = resolvableClass } } @@ -388,6 +395,8 @@ class GraphqlFieldResolutionMethod extends Method, Http::Server::RequestHandler: override string getFramework() { result = "GraphQL" } + override string getAnHttpMethod() { result = getASupportedHttpMethod() } + /** Gets the class containing this method. */ GraphqlSchemaObjectClass getGraphqlClass() { result = schemaObjectClass } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll index 9543076d101..97bd63453ee 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll @@ -16,10 +16,13 @@ private import codeql.ruby.security.OpenSSL */ module Rails { /** + * DEPRECATED: Any call to `html_safe` is considered an XSS sink. * A method call on a string to mark it as HTML safe for Rails. Strings marked * as such will not be automatically escaped when inserted into HTML. */ - class HtmlSafeCall extends MethodCall instanceof HtmlSafeCallImpl { } + deprecated class HtmlSafeCall extends MethodCall { + HtmlSafeCall() { this.getMethodName() = "html_safe" } + } /** A call to a Rails method to escape HTML. */ class HtmlEscapeCall extends MethodCall instanceof HtmlEscapeCallImpl { } @@ -71,6 +74,21 @@ module Rails { /** A render call that does not automatically set the HTTP response body. */ class RenderToCall extends MethodCall instanceof RenderToCallImpl { } + + /** + * A `render` call seen as a file system access. + */ + private class RenderAsFileSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode { + RenderAsFileSystemAccess() { + exists(MethodCall call | this.asExpr().getExpr() = call | + call instanceof RenderCall + or + call instanceof RenderToCall + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getKeywordArgument("file") } + } } /** diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Digest.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Digest.qll new file mode 100644 index 00000000000..bff0e2265dc --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Digest.qll @@ -0,0 +1,34 @@ +/** + * Provides modeling for the `Digest` module. + */ + +private import codeql.ruby.ApiGraphs +private import codeql.ruby.Concepts +private import codeql.ruby.DataFlow + +/** Gets an API node for a Digest class that hashes using `algo`. */ +private API::Node digest(Cryptography::HashingAlgorithm algo) { + exists(string name | result = API::getTopLevelMember("Digest").getMember(name) | + name = ["MD5", "SHA1", "SHA2", "RMD160"] and + algo.matchesName(name) + ) +} + +/** A call that hashes some input using a hashing algorithm from the `Digest` module. */ +private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode { + Cryptography::HashingAlgorithm algo; + + DigestCall() { + this = digest(algo).getAMethodCall(["hexdigest", "base64digest", "bubblebabble"]) + or + this = digest(algo).getAMethodCall("file") // it's directly hashing the contents of a file, but that's close enough for us. + or + this = digest(algo).getInstance().getAMethodCall(["digest", "update", "<<"]) + } + + override Cryptography::HashingAlgorithm getAlgorithm() { result = algo } + + override DataFlow::Node getAnInput() { result = super.getArgument(0) } + + override Cryptography::BlockMode getBlockMode() { none() } +} diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll index 9eff02a4a57..0828a6dcea7 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll @@ -95,7 +95,7 @@ module IO { * popen([env,] cmd, mode="r" [, opt]) -> io * popen([env,] cmd, mode="r" [, opt]) {|io| block } -> obj * ``` - * `IO.popen` does different things based on the the value of `cmd`: + * `IO.popen` does different things based on the value of `cmd`: * ``` * "-" : fork * commandline : command line string which is passed to a shell diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll index 2b63531077a..e09ce6f3c42 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/String.qll @@ -3,7 +3,7 @@ private import codeql.ruby.AST private import codeql.ruby.ApiGraphs private import codeql.ruby.DataFlow -private import codeql.ruby.dataflow.FlowSummary +private import codeql.ruby.dataflow.FlowSummary as FlowSummary private import codeql.ruby.dataflow.internal.DataFlowDispatch private import codeql.ruby.controlflow.CfgNodes private import codeql.ruby.Regexp as RE @@ -107,6 +107,18 @@ module String { preservesValue = false } + /** A `String` callable with a flow summary. */ + abstract class SummarizedCallable extends FlowSummary::SummarizedCallable { + bindingset[this] + SummarizedCallable() { any() } + } + + abstract private class SimpleSummarizedCallable extends SummarizedCallable, + FlowSummary::SimpleSummarizedCallable { + bindingset[this] + SimpleSummarizedCallable() { any() } + } + private class NewSummary extends SummarizedCallable { NewSummary() { this = "String.new" } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll index 139a484f87a..295299e5068 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll @@ -37,7 +37,8 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod API::getTopLevelMember("Faraday").getInstance() ] and requestNode = - connectionNode.getReturn(["get", "head", "delete", "post", "put", "patch", "trace"]) and + connectionNode + .getReturn(["get", "head", "delete", "post", "put", "patch", "trace", "run_request"]) and this = requestNode.asSource() and connectionUse = connectionNode.asSource() } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll index 51537e25148..f8d6546539f 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll @@ -25,7 +25,7 @@ class HttpClientRequest extends Http::Client::Request::Range, DataFlow::CallNode [ // One-off requests API::getTopLevelMember("HTTPClient"), - // Conncection re-use + // Connection re-use API::getTopLevelMember("HTTPClient").getInstance() ] and requestNode = connectionNode.getReturn(method) and diff --git a/ruby/ql/lib/codeql/ruby/frameworks/internal/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/internal/Rails.qll index 82ac926093b..ce81d869bc3 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/internal/Rails.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/internal/Rails.qll @@ -1,7 +1,5 @@ private import codeql.ruby.AST -abstract class HtmlSafeCallImpl extends MethodCall { } - abstract class HtmlEscapeCallImpl extends MethodCall { } abstract class RenderCallImpl extends MethodCall { } diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll index bcf33e28f47..d77e45f8e55 100644 --- a/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll +++ b/ruby/ql/lib/codeql/ruby/regexp/internal/ParseRegExp.qll @@ -241,7 +241,7 @@ abstract class RegExp extends Ast::StringlikeLiteral { /** * Helper predicate for `escapingChar`. - * In order to avoid negative recusrion, we return a boolean. + * In order to avoid negative recursion, we return a boolean. * This way, we can refer to `escaping(pos - 1).booleanNot()` * rather than to a negated version of `escaping(pos)`. */ diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpConfiguration.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpConfiguration.qll index 5e1578eefef..3c451b15b78 100644 --- a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpConfiguration.qll +++ b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpConfiguration.qll @@ -1,10 +1,15 @@ private import codeql.ruby.Regexp -private import codeql.ruby.ast.Literal as Ast +private import codeql.ruby.AST as Ast +private import codeql.ruby.CFG private import codeql.ruby.DataFlow private import codeql.ruby.controlflow.CfgNodes -private import codeql.ruby.dataflow.internal.tainttrackingforregexp.TaintTrackingImpl +private import codeql.ruby.dataflow.internal.DataFlowImplForRegExp private import codeql.ruby.typetracking.TypeTracker private import codeql.ruby.ApiGraphs +private import codeql.ruby.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import codeql.ruby.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl +private import codeql.ruby.dataflow.FlowSummary as FlowSummary +private import codeql.ruby.frameworks.core.String class RegExpConfiguration extends Configuration { RegExpConfiguration() { this = "RegExpConfiguration" } @@ -20,7 +25,7 @@ class RegExpConfiguration extends Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof RegExpInterpretation::Range } - override predicate isSanitizer(DataFlow::Node node) { + override predicate isBarrier(DataFlow::Node node) { exists(DataFlow::CallNode mce | mce.getMethodName() = ["match", "match?"] | // receiver of https://ruby-doc.org/core-2.4.0/String.html#method-i-match node = mce.getReceiver() and @@ -31,6 +36,24 @@ class RegExpConfiguration extends Configuration { mce.getReceiver() = trackRegexpType() ) } + + override predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + // include taint flow through `String` summaries, + FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false) and + nodeFrom.(DataFlowPrivate::SummaryNode).getSummarizedCallable() instanceof + String::SummarizedCallable + or + // string concatenations, and + exists(CfgNodes::ExprNodes::OperationCfgNode op | + op = nodeTo.asExpr() and + op.getAnOperand() = nodeFrom.asExpr() and + op.getExpr().(Ast::BinaryOperation).getOperator() = "+" + ) + or + // string interpolations + nodeFrom.asExpr() = + nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() + } } private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) { diff --git a/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll b/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll index ed06bfbe798..95bfbeeeb5d 100644 --- a/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about bad tag filter vulnerabilities. + * Provides predicates for reasoning about bad tag filter vulnerabilities. */ import regexp.RegexpMatching @@ -65,7 +65,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) { regexp.matches("") and exists(int a, int b | a != b | regexp.fillsCaptureGroup("", a) and - // might be ambigously parsed (matching both capture groups), and that is ok here. + // might be ambiguously parsed (matching both capture groups), and that is ok here. regexp.fillsCaptureGroup("", b) and not regexp.fillsCaptureGroup("", a) and msg = diff --git a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll new file mode 100644 index 00000000000..309a26ac9df --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll @@ -0,0 +1,36 @@ +/** + * Provides utility classes and predicates for reasoning about `Kernel.open` and related methods. + */ + +private import codeql.ruby.AST +private import codeql.ruby.DataFlow +private import codeql.ruby.AST +private import codeql.ruby.ApiGraphs +private import codeql.ruby.frameworks.core.Kernel::Kernel + +/** A call to a method that might access a file or start a process. */ +class AmbiguousPathCall extends DataFlow::CallNode { + string name; + + AmbiguousPathCall() { + this.(KernelMethodCall).getMethodName() = "open" and + name = "Kernel.open" + or + this = API::getTopLevelMember("IO").getAMethodCall("read") and + not this = API::getTopLevelMember("File").getAMethodCall("read") and // needed in e.g. opal/opal, where some calls have both paths, but I'm not sure why + name = "IO.read" + } + + /** Gets the name for the method being called. */ + string getName() { result = name } + + /** Gets the name for a safer method that can be used instead. */ + string getReplacement() { + result = "File.read" and name = "IO.read" + or + result = "File.open" and name = "Kernel.open" + } + + /** Gets the argument that specifies the path to be accessed. */ + DataFlow::Node getPathArgument() { result = this.getArgument(0) } +} diff --git a/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll b/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll index 84bfa47d18e..5478c693f02 100644 --- a/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll +++ b/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll @@ -581,3 +581,49 @@ private class CipherOperation extends Cryptography::CryptographicOperation::Rang result = cipherNode.getCipherMode().getBlockMode() } } + +/** Predicates and classes modeling the `OpenSSL::Digest` module */ +private module Digest { + private import codeql.ruby.ApiGraphs + + /** A call that hashes some input using a hashing algorithm from the `OpenSSL::Digest` module. */ + private class DigestCall extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode { + Cryptography::HashingAlgorithm algo; + + DigestCall() { + exists(API::MethodAccessNode call | + call = API::getTopLevelMember("OpenSSL").getMember("Digest").getMethod("new") + | + this = call.getReturn().getAMethodCall(["digest", "update", "<<"]) and + algo.matchesName(call.getCallNode() + .getArgument(0) + .asExpr() + .getExpr() + .getConstantValue() + .getString()) + ) + } + + override Cryptography::HashingAlgorithm getAlgorithm() { result = algo } + + override DataFlow::Node getAnInput() { result = super.getArgument(0) } + + override Cryptography::BlockMode getBlockMode() { none() } + } + + /** A call to `OpenSSL::Digest.digest` that hashes input directly without constructing a digest instance. */ + private class DigestCallDirect extends Cryptography::CryptographicOperation::Range instanceof DataFlow::CallNode { + Cryptography::HashingAlgorithm algo; + + DigestCallDirect() { + this = API::getTopLevelMember("OpenSSL").getMember("Digest").getMethod("digest").getCallNode() and + algo.matchesName(this.getArgument(0).asExpr().getExpr().getConstantValue().getString()) + } + + override Cryptography::HashingAlgorithm getAlgorithm() { result = algo } + + override DataFlow::Node getAnInput() { result = super.getArgument(1) } + + override Cryptography::BlockMode getBlockMode() { none() } + } +} diff --git a/ruby/ql/lib/codeql/ruby/security/SensitiveActions.qll b/ruby/ql/lib/codeql/ruby/security/SensitiveActions.qll index dcdd0989e14..cc01ab4078b 100644 --- a/ruby/ql/lib/codeql/ruby/security/SensitiveActions.qll +++ b/ruby/ql/lib/codeql/ruby/security/SensitiveActions.qll @@ -11,6 +11,144 @@ private import codeql.ruby.AST private import codeql.ruby.DataFlow +import codeql.ruby.security.internal.SensitiveDataHeuristics +private import HeuristicNames +private import codeql.ruby.CFG + +/** An expression that might contain sensitive data. */ +cached +abstract class SensitiveNode extends DataFlow::Node { + /** Gets a human-readable description of this expression for use in alert messages. */ + cached + abstract string describe(); + + /** Gets a classification of the kind of sensitive data this expression might contain. */ + cached + abstract SensitiveDataClassification getClassification(); +} + +/** A method call that might produce sensitive data. */ +class SensitiveCall extends SensitiveNode instanceof DataFlow::CallNode { + SensitiveDataClassification classification; + + SensitiveCall() { + classification = this.getMethodName().(SensitiveDataMethodName).getClassification() + or + // This is particularly to pick up methods with an argument like "password", which + // may indicate a lookup. + exists(string s | super.getArgument(_).asExpr().getConstantValue().isStringlikeValue(s) | + nameIndicatesSensitiveData(s, classification) + ) + } + + override string describe() { result = "a call to " + super.getMethodName() } + + override SensitiveDataClassification getClassification() { result = classification } +} + +/** An access to a variable or hash value that might contain sensitive data. */ +abstract class SensitiveVariableAccess extends SensitiveNode { + string name; + + SensitiveVariableAccess() { + this.asExpr().(CfgNodes::ExprNodes::VariableAccessCfgNode).getExpr().getVariable().hasName(name) + or + this.asExpr() + .(CfgNodes::ExprNodes::ElementReferenceCfgNode) + .getAnArgument() + .getConstantValue() + .isStringlikeValue(name) + } + + override string describe() { result = "an access to " + name } +} + +/** A write to a location that might contain sensitive data. */ +abstract class SensitiveWrite extends DataFlow::Node { } + +/** + * Holds if `node` is a write to a variable or hash value named `name`. + * + * Helper predicate factored out for performance, + * to filter `name` as much as possible before using it in + * regex matching. + */ +pragma[nomagic] +private predicate writesProperty(DataFlow::Node node, string name) { + exists(VariableWriteAccess vwa | vwa.getVariable().getName() = name | + node.asExpr().getExpr() = vwa + ) + or + // hash value assignment + node.(DataFlow::CallNode).getMethodName() = "[]=" and + node.(DataFlow::CallNode).getArgument(0).asExpr().getConstantValue().isStringlikeValue(name) +} + +/** + * Instance and class variable names are reported with their respective `@` + * and `@@` prefixes. This predicate strips these prefixes. + */ +bindingset[name] +private string unprefixedVariableName(string name) { result = name.regexpReplaceAll("^@*", "") } + +/** A write to a variable or property that might contain sensitive data. */ +private class BasicSensitiveWrite extends SensitiveWrite { + SensitiveDataClassification classification; + + BasicSensitiveWrite() { + exists(string name | + /* + * PERFORMANCE OPTIMISATION: + * `nameIndicatesSensitiveData` performs a `regexpMatch` on `name`. + * To carry out a regex match, we must first compute the Cartesian product + * of all possible `name`s and regexes, then match. + * To keep this product as small as possible, + * we want to filter `name` as much as possible before the product. + * + * Do this by factoring out a helper predicate containing the filtering + * logic that restricts `name`. This helper predicate will get picked first + * in the join order, since it is the only call here that binds `name`. + */ + + writesProperty(this, name) and + nameIndicatesSensitiveData(unprefixedVariableName(name), classification) + ) + } + + /** Gets a classification of the kind of sensitive data the write might handle. */ + SensitiveDataClassification getClassification() { result = classification } +} + +/** An access to a variable or hash value that might contain sensitive data. */ +private class BasicSensitiveVariableAccess extends SensitiveVariableAccess { + SensitiveDataClassification classification; + + BasicSensitiveVariableAccess() { + nameIndicatesSensitiveData(unprefixedVariableName(name), classification) + } + + override SensitiveDataClassification getClassification() { result = classification } +} + +/** A method name that suggests it may be sensitive. */ +abstract class SensitiveMethodName extends string { + SensitiveMethodName() { this = any(MethodBase m).getName() } +} + +/** A method name that suggests it may produce sensitive data. */ +abstract class SensitiveDataMethodName extends SensitiveMethodName { + /** Gets a classification of the kind of sensitive data this method may produce. */ + abstract SensitiveDataClassification getClassification(); +} + +/** A method name that might return sensitive credential data. */ +class CredentialsMethodName extends SensitiveDataMethodName { + SensitiveDataClassification classification; + + CredentialsMethodName() { nameIndicatesSensitiveData(this, classification) } + + override SensitiveDataClassification getClassification() { result = classification } +} /** * A sensitive action, such as transfer of sensitive data. diff --git a/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll new file mode 100644 index 00000000000..a1a4277fe8f --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryCustomizations.qll @@ -0,0 +1,54 @@ +/** + * Provides default sources and sinks for reasoning about sensitive data sourced + * from the query string of a GET request, as well as extension points for + * adding your own. + */ + +private import codeql.ruby.security.SensitiveActions +private import codeql.ruby.Concepts +private import codeql.ruby.DataFlow + +/** + * Provides default sources and sinks for reasoning about sensitive data sourced + * from the query string of a GET request, as well as extension points for + * adding your own. + */ +module SensitiveGetQuery { + /** + * A data flow source representing data sourced from the query string in a + * GET request handler. + */ + abstract class Source extends DataFlow::Node { + /** Gets the request handler corresponding to this data source. */ + abstract Http::Server::RequestHandler getHandler(); + } + + /** + * An access to data from the query string of a GET request as a data flow + * source. + */ + private class RequestInputAccessSource extends Source instanceof Http::Server::RequestInputAccess { + private Http::Server::RequestHandler handler; + + RequestInputAccessSource() { + handler = this.asExpr().getExpr().getEnclosingMethod() and + handler.getAnHttpMethod() = "get" and + this.getKind() = "parameter" + } + + override Http::Server::RequestHandler getHandler() { result = handler } + } + + /** + * A data flow sink suggesting a use of sensitive data. + */ + abstract class Sink extends DataFlow::Node { } + + /** A sensitive data node as a data flow sink. */ + private class SensitiveNodeSink extends Sink instanceof SensitiveNode { + SensitiveNodeSink() { + // User names and other similar information is not sensitive in this context. + not this.getClassification() = SensitiveDataClassification::id() + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll new file mode 100644 index 00000000000..7c3531fe18c --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll @@ -0,0 +1,31 @@ +/** + * Provides a taint-tracking configuration for detecting flow of query string + * data to sensitive actions in GET query request handlers. + * + * Note, for performance reasons: only import this file if `Configuration` is + * needed, otherwise `SensitiveGetQueryCustomizations` should be imported + * instead. + */ + +private import ruby +private import codeql.ruby.TaintTracking + +/** + * Provides a taint-tracking configuration for detecting flow of query string + * data to sensitive actions in GET query request handlers. + */ +module SensitiveGetQuery { + import SensitiveGetQueryCustomizations::SensitiveGetQuery + + /** + * A taint-tracking configuration for reasoning about use of sensitive data + * from a GET request query string. + */ + class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SensitiveGetQuery" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + } +} diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll index 517ba6fa700..da759ea28e9 100644 --- a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll @@ -8,6 +8,8 @@ private import codeql.ruby.ApiGraphs private import codeql.ruby.CFG private import codeql.ruby.DataFlow private import codeql.ruby.dataflow.RemoteFlowSources +private import codeql.ruby.frameworks.ActiveJob +private import codeql.ruby.frameworks.core.Module module UnsafeDeserialization { /** @@ -199,4 +201,27 @@ module UnsafeDeserialization { toNode = callNode ) } + + /** + * A argument in a call to `Module.const_get`, considered as a sink for unsafe + * deserialization. + * + * Calls to `Module.const_get` can return arbitrary classes which can then be + * instantiated. + */ + class ConstGetCallArgument extends Sink { + ConstGetCallArgument() { this = any(Module::ModuleConstGetCallCodeExecution c).getCode() } + } + + /** + * A argument in a call to `ActiveJob::Serializers.deserialize`, considered as + * a sink for unsafe deserialization. + * + * This is roughly equivalent to a call to `Module.const_get`. + */ + class ActiveJobSerializersDeserializeArgument extends Sink { + ActiveJobSerializersDeserializeArgument() { + this = any(ActiveJob::Serializers::DeserializeCall c).getCode() + } + } } diff --git a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll index bbc53e86655..230c010d00a 100644 --- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll @@ -50,7 +50,9 @@ module UrlRedirect { /** * A source of remote user input, considered as a flow source. */ - class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { } + class HttpRequestInputAccessAsSource extends Source, Http::Server::RequestInputAccess { + HttpRequestInputAccessAsSource() { this.isThirdPartyControllable() } + } /** * A HTTP redirect response, considered as a flow sink. diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll index 42d7aae0c86..7a3b4d2f0e7 100644 --- a/ruby/ql/lib/codeql/ruby/security/XSS.qll +++ b/ruby/ql/lib/codeql/ruby/security/XSS.qll @@ -62,10 +62,7 @@ private module Shared { */ class HtmlSafeCallAsSink extends Sink { HtmlSafeCallAsSink() { - exists(Rails::HtmlSafeCall c, ErbOutputDirective d | - this.asExpr().getExpr() = c.getReceiver() and - c = d.getTerminalStmt() - ) + this = any(DataFlow::CallNode call | call.getMethodName() = "html_safe").getReceiver() } } @@ -105,6 +102,17 @@ private module Shared { } } + /** A write to an HTTP response header, considered as a flow sink. */ + class HeaderWriteAsSink extends Sink { + HeaderWriteAsSink() { + exists(Http::Server::HeaderWriteAccess a | + a.getName() = ["content-type", "access-control-allow-origin"] + | + this = a.getValue() + ) + } + } + /** * An HTML escaping, considered as a sanitizer. */ @@ -312,9 +320,11 @@ module ReflectedXss { deprecated predicate isAdditionalXSSTaintStep = isAdditionalXssTaintStep/2; /** - * A source of remote user input, considered as a flow source. + * A HTTP request input, considered as a flow source. */ - class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { } + class HttpRequestInputAccessAsSource extends Source, Http::Server::RequestInputAccess { + HttpRequestInputAccessAsSource() { this.isThirdPartyControllable() } + } } /** DEPRECATED: Alias for ReflectedXss */ @@ -329,17 +339,13 @@ private module OrmTracking { override predicate isSource(DataFlow2::Node source) { source instanceof OrmInstantiation } - // Select any call node and narrow down later - override predicate isSink(DataFlow2::Node sink) { sink instanceof DataFlow2::CallNode } + // Select any call receiver and narrow down later + override predicate isSink(DataFlow2::Node sink) { + sink = any(DataFlow2::CallNode c).getReceiver() + } override predicate isAdditionalFlowStep(DataFlow2::Node node1, DataFlow2::Node node2) { Shared::isAdditionalXssFlowStep(node1, node2) - or - // Propagate flow through arbitrary method calls - node2.(DataFlow2::CallNode).getReceiver() = node1 - or - // Propagate flow through "or" expressions `or`/`||` - node2.asExpr().getExpr().(LogicalOrExpr).getAnOperand() = node1.asExpr().getExpr() } } } @@ -372,10 +378,9 @@ module StoredXss { private class OrmFieldAsSource extends Source instanceof DataFlow2::CallNode { OrmFieldAsSource() { - exists(OrmTracking::Configuration subConfig, DataFlow2::CallNode subSrc, MethodCall call | - subConfig.hasFlow(subSrc, this) and - call = this.asExpr().getExpr() and - subSrc.(OrmInstantiation).methodCallMayAccessField(call.getMethodName()) + exists(OrmTracking::Configuration subConfig, DataFlow2::CallNode subSrc | + subConfig.hasFlow(subSrc, this.getReceiver()) and + subSrc.(OrmInstantiation).methodCallMayAccessField(this.getMethodName()) ) } } diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll index d006837466b..4a608890249 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll @@ -202,7 +202,7 @@ private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, Stat // // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`. - // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, + // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`, // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. r1 = r2 and q1 = q2 and diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll index 5112bdad11e..a6e4db6764e 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll @@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) { /** * A lookahead/lookbehind that matches the empty string. */ -class EmptyPositiveSubPatttern extends RegExpSubPattern { - EmptyPositiveSubPatttern() { +class EmptyPositiveSubPattern extends RegExpSubPattern { + EmptyPositiveSubPattern() { ( this instanceof RegExpPositiveLookahead or @@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern { } } +/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */ +deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern; + /** * A branch in a disjunction that is the root node in a literal, or a literal * whose root node is not a disjunction. @@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) { } /** - * Gets a string reperesentation of the flags used with the regular expression. + * Gets a string representation of the flags used with the regular expression. * Only the flags that are relevant for the canonicalization are included. */ string getCanonicalizationFlags(RegExpTerm root) { @@ -334,7 +337,7 @@ private module CharacterClasses { ) } - private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) } + private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) } private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) } @@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) { lbl = Epsilon() and q2 = Accept(getRoot(dollar)) ) or - exists(EmptyPositiveSubPatttern empty | q1 = before(empty) | - lbl = Epsilon() and q2 = after(empty) - ) + exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty)) } /** @@ -1028,7 +1029,7 @@ module ReDoSPruning { * as the suffix "X" will cause both the regular expressions to be rejected. * * The string `w` is repeated any number of times because it needs to be - * infinitely repeatedable for the attack to work. + * infinitely repeatable for the attack to work. * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes. */ diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll index 4a43b838dee..821586b1f90 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll @@ -7,7 +7,7 @@ import codeql.Locations private import codeql.ruby.ast.Literal as Ast /** - * Holds if `term` is an ecape class representing e.g. `\d`. + * Holds if `term` is an escape class representing e.g. `\d`. * `clazz` is which character class it represents, e.g. "d" for `\d`. */ predicate isEscapeClass(RegExpTerm term, string clazz) { diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll index 5e870ac4fd3..8c05642fc83 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll @@ -106,6 +106,18 @@ module PolynomialReDoS { regexp.asExpr() = call.getReceiver() and this.asExpr() = call.getArgument(0) ) + or + // a case-when statement + exists(CfgNodes::ExprNodes::CaseExprCfgNode caseWhen | + matchNode.asExpr() = caseWhen and + this.asExpr() = caseWhen.getValue() + | + regexp.asExpr() = + caseWhen.getBranch(_).(CfgNodes::ExprNodes::WhenClauseCfgNode).getPattern(_) + or + regexp.asExpr() = + caseWhen.getBranch(_).(CfgNodes::ExprNodes::InClauseCfgNode).getPattern() + ) ) ) } diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll b/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll index 07dbc41957f..e2c75ff980b 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll @@ -1,5 +1,5 @@ /** - * Provides precicates for reasoning about which strings are matched by a regular expression, + * Provides predicates for reasoning about which strings are matched by a regular expression, * and for testing which capture groups are filled when a particular regexp matches a string. */ diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll index c818e89ffa6..14a69dc0644 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll @@ -76,7 +76,7 @@ class StateTuple extends TStateTuple { StateTuple() { this = MkStateTuple(q1, q2, q3) } /** - * Gest a string repesentation of this tuple. + * Gest a string representation of this tuple. */ string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" } diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll index 1ada143a475..52807799c2c 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll @@ -186,7 +186,7 @@ private module Cached { jumpStep(nodeFrom, nodeTo) and summary = JumpStep() or - levelStep(nodeFrom, nodeTo) and + levelStepNoCall(nodeFrom, nodeTo) and summary = LevelStep() or exists(TypeTrackerContent content | @@ -216,6 +216,9 @@ private module Cached { or returnStep(nodeFrom, nodeTo) and summary = ReturnStep() + or + levelStepCall(nodeFrom, nodeTo) and + summary = LevelStep() } } diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index c6579d56f4c..1c636c6987f 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -76,20 +76,28 @@ predicate simpleLocalFlowStep = DataFlowPrivate::localFlowStepTypeTracker/2; */ predicate jumpStep = DataFlowPrivate::jumpStep/2; -/** - * Holds if there is a summarized local flow step from `nodeFrom` to `nodeTo`, - * because there is direct flow from a parameter to a return. That is, summarized - * steps are not applied recursively. - */ +/** Holds if there is direct flow from `param` to a return. */ pragma[nomagic] -private predicate summarizedLocalStep(Node nodeFrom, Node nodeTo) { - exists(DataFlowPublic::ParameterNode param, DataFlowPrivate::ReturningNode returnNode | +private predicate flowThrough(DataFlowPublic::ParameterNode param) { + exists(DataFlowPrivate::ReturningNode returnNode | DataFlowPrivate::LocalFlow::getParameterDefNode(param.getParameter()) .(TypeTrackingNode) - .flowsTo(returnNode) and + .flowsTo(returnNode) + ) +} + +/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */ +pragma[nomagic] +predicate levelStepCall(Node nodeFrom, Node nodeTo) { + exists(DataFlowPublic::ParameterNode param | + flowThrough(param) and callStep(nodeTo.asExpr(), nodeFrom, param) ) - or +} + +/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which does not depend on the call graph. */ +pragma[nomagic] +predicate levelStepNoCall(Node nodeFrom, Node nodeTo) { exists( SummarizedCallable callable, DataFlowPublic::CallNode call, SummaryComponentStack input, SummaryComponentStack output @@ -99,10 +107,65 @@ private predicate summarizedLocalStep(Node nodeFrom, Node nodeTo) { nodeFrom = evaluateSummaryComponentStackLocal(callable, call, input) and nodeTo = evaluateSummaryComponentStackLocal(callable, call, output) ) + or + localFieldStep(nodeFrom, nodeTo) } -/** Holds if there is a level step from `nodeFrom` to `nodeTo`. */ -predicate levelStep(Node nodeFrom, Node nodeTo) { summarizedLocalStep(nodeFrom, nodeTo) } +/** + * Gets a method of `mod`, with `instance` indicating if this is an instance method. + * + * Does not take inheritance or the various forms of inclusion into account. + */ +pragma[nomagic] +private MethodBase getAMethod(ModuleBase mod, boolean instance) { + not mod instanceof SingletonClass and + result = mod.getAMethod() and + if result instanceof SingletonMethod then instance = false else instance = true + or + exists(SingletonClass cls | + cls.getValue().(SelfVariableAccess).getVariable().getDeclaringScope() = mod and + result = cls.getAMethod().(Method) and + instance = false + ) +} + +/** + * Gets a value flowing into `field` in `mod`, with `instance` indicating if it's + * a field on an instance of `mod` (as opposed to the module object itself). + */ +pragma[nomagic] +private Node fieldPredecessor(ModuleBase mod, boolean instance, string field) { + exists(InstanceVariableWriteAccess access, AssignExpr assign | + access.getReceiver().getVariable().getDeclaringScope() = getAMethod(mod, instance) and + field = access.getVariable().getName() and + assign.getLeftOperand() = access and + result.asExpr().getExpr() = assign.getRightOperand() + ) +} + +/** + * Gets a reference to `field` in `mod`, with `instance` indicating if it's + * a field on an instance of `mod` (as opposed to the module object itself). + */ +pragma[nomagic] +private Node fieldSuccessor(ModuleBase mod, boolean instance, string field) { + exists(InstanceVariableReadAccess access | + access.getReceiver().getVariable().getDeclaringScope() = getAMethod(mod, instance) and + result.asExpr().getExpr() = access and + field = access.getVariable().getName() + ) +} + +/** + * Holds if `pred -> succ` should be used a level step, from a field assignment to + * a read within the same class. + */ +private predicate localFieldStep(Node pred, Node succ) { + exists(ModuleBase mod, boolean instance, string field | + pred = fieldPredecessor(mod, instance, field) and + succ = fieldSuccessor(mod, instance, field) + ) +} pragma[noinline] private predicate argumentPositionMatch( @@ -325,9 +388,18 @@ private predicate hasStoreSummary( SummarizedCallable callable, DataFlow::ContentSet contents, SummaryComponentStack input, SummaryComponentStack output ) { - callable.propagatesFlow(input, push(SummaryComponent::content(contents), output), true) and not isNonLocal(input.head()) and - not isNonLocal(output.head()) + not isNonLocal(output.head()) and + ( + callable.propagatesFlow(input, push(SummaryComponent::content(contents), output), true) + or + // Allow the input to start with an arbitrary WithoutContent[X]. + // Since type-tracking only tracks one content deep, and we're about to store into another content, + // we're already preventing the input from being in a content. + callable + .propagatesFlow(push(SummaryComponent::withoutContent(_), input), + push(SummaryComponent::content(contents), output), true) + ) } pragma[nomagic] @@ -460,6 +532,9 @@ private predicate dependsOnSummaryComponentStack( callable.propagatesFlow(stack, _, true) or callable.propagatesFlow(_, stack, true) + or + // include store summaries as they may skip an initial step at the input + hasStoreSummary(callable, _, stack, _) ) or dependsOnSummaryComponentStackCons(callable, _, stack) diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 6792b3e61c0..2a56b40f7a9 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -23,7 +23,7 @@ ### New Queries -* Added a new query, `rb/log-inection`, to detect cases where a malicious user may be able to forge log entries. +* Added a new query, `rb/log-injection`, to detect cases where a malicious user may be able to forge log entries. * Added a new query, `rb/incomplete-multi-character-sanitization`. The query finds string transformations that do not replace all occurrences of a multi-character substring. @@ -119,7 +119,7 @@ ### New Queries * A new query (`rb/request-forgery`) has been added. The query finds HTTP requests made with user-controlled URLs. -* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explictly disabled. +* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explicitly disabled. ### Query Metadata Changes diff --git a/ruby/ql/src/change-notes/2022-09-10-sensitive-get-query.md b/ruby/ql/src/change-notes/2022-09-10-sensitive-get-query.md new file mode 100644 index 00000000000..9d51950d1e4 --- /dev/null +++ b/ruby/ql/src/change-notes/2022-09-10-sensitive-get-query.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request. diff --git a/ruby/ql/src/change-notes/2022-10-06-non-constant-kernel-open.md b/ruby/ql/src/change-notes/2022-10-06-non-constant-kernel-open.md new file mode 100644 index 00000000000..b64f3930555 --- /dev/null +++ b/ruby/ql/src/change-notes/2022-10-06-non-constant-kernel-open.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values. \ No newline at end of file diff --git a/ruby/ql/src/change-notes/2022-10-12-rails-render-file.md b/ruby/ql/src/change-notes/2022-10-12-rails-render-file.md new file mode 100644 index 00000000000..2801a999279 --- /dev/null +++ b/ruby/ql/src/change-notes/2022-10-12-rails-render-file.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink. diff --git a/ruby/ql/src/change-notes/2022-10-14-actiondispatch-response.md b/ruby/ql/src/change-notes/2022-10-14-actiondispatch-response.md new file mode 100644 index 00000000000..850b853eabe --- /dev/null +++ b/ruby/ql/src/change-notes/2022-10-14-actiondispatch-response.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* HTTP response header and body writes via `ActionDispatch::Response` are now + recognized. diff --git a/ruby/ql/src/change-notes/released/0.0.4.md b/ruby/ql/src/change-notes/released/0.0.4.md index e406cd11ae8..7a5116b2ee9 100644 --- a/ruby/ql/src/change-notes/released/0.0.4.md +++ b/ruby/ql/src/change-notes/released/0.0.4.md @@ -3,7 +3,7 @@ ### New Queries * A new query (`rb/request-forgery`) has been added. The query finds HTTP requests made with user-controlled URLs. -* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explictly disabled. +* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explicitly disabled. ### Query Metadata Changes diff --git a/ruby/ql/src/change-notes/released/0.3.3.md b/ruby/ql/src/change-notes/released/0.3.3.md index 5364fab9428..9891376e73c 100644 --- a/ruby/ql/src/change-notes/released/0.3.3.md +++ b/ruby/ql/src/change-notes/released/0.3.3.md @@ -2,7 +2,7 @@ ### New Queries -* Added a new query, `rb/log-inection`, to detect cases where a malicious user may be able to forge log entries. +* Added a new query, `rb/log-injection`, to detect cases where a malicious user may be able to forge log entries. * Added a new query, `rb/incomplete-multi-character-sanitization`. The query finds string transformations that do not replace all occurrences of a multi-character substring. diff --git a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql index a452889a663..7a98e0cecb0 100644 --- a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql +++ b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql @@ -1,6 +1,6 @@ /** * @name Manually checking http verb instead of using built in rails routes and protections - * @description Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. + * @description Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. * @kind path-problem * @problem.severity error * @security-severity 5.0 @@ -93,4 +93,4 @@ class HttpVerbConfig extends TaintTracking::Configuration { from HttpVerbConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods." + "Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods." diff --git a/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp b/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp new file mode 100644 index 00000000000..eea2281cc4a --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp @@ -0,0 +1,46 @@ + + + +

    If Kernel.open is given a file name that starts with a | +character, it will execute the remaining string as a shell command. If a +malicious user can control the file name, they can execute arbitrary code. +The same vulnerability applies to IO.read. +

    + +     + + +

    Use File.open instead of Kernel.open, as the former +does not have this vulnerability. Similarly, use File.read instead +of IO.read.

    + +     + + +

    +The following example shows code that calls Kernel.open on a +user-supplied file path. +

    + + + +

    Instead, File.open should be used, as in the following example.

    + + + +     + + +
  • +OWASP: +Command Injection. +
    • + +
  • +Example CVE: Command Injection in RDoc. +
    • + +     +     diff --git a/ruby/ql/src/queries/security/cwe-078/KernelOpen.qhelp b/ruby/ql/src/queries/security/cwe-078/KernelOpen.qhelp index eea2281cc4a..304aefcfbb2 100644 --- a/ruby/ql/src/queries/security/cwe-078/KernelOpen.qhelp +++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.qhelp @@ -1,46 +1,4 @@ - + - -

    If Kernel.open is given a file name that starts with a | -character, it will execute the remaining string as a shell command. If a -malicious user can control the file name, they can execute arbitrary code. -The same vulnerability applies to IO.read. -

    - -     - - -

    Use File.open instead of Kernel.open, as the former -does not have this vulnerability. Similarly, use File.read instead -of IO.read.

    - -     - - -

    -The following example shows code that calls Kernel.open on a -user-supplied file path. -

    - - - -

    Instead, File.open should be used, as in the following example.

    - - - -     - - -
  • -OWASP: -Command Injection. -
    • - -
  • -Example CVE: Command Injection in RDoc. -
    • - -     -     + + \ No newline at end of file diff --git a/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql b/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql index e2390944c1e..6e03bcb06c2 100644 --- a/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql +++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql @@ -1,5 +1,5 @@ /** - * @name Use of `Kernel.open` or `IO.read` + * @name Use of `Kernel.open` or `IO.read` with user-controlled input * @description Using `Kernel.open` or `IO.read` may allow a malicious * user to execute arbitrary system commands. * @kind path-problem @@ -14,39 +14,12 @@ * external/cwe/cwe-073 */ -import codeql.ruby.AST -import codeql.ruby.ApiGraphs -import codeql.ruby.frameworks.core.Kernel::Kernel -import codeql.ruby.TaintTracking -import codeql.ruby.dataflow.BarrierGuards -import codeql.ruby.dataflow.RemoteFlowSources import codeql.ruby.DataFlow +import codeql.ruby.TaintTracking +import codeql.ruby.dataflow.RemoteFlowSources +import codeql.ruby.dataflow.BarrierGuards import DataFlow::PathGraph - -/** - * A method call that has a suggested replacement. - */ -abstract class Replacement extends DataFlow::CallNode { - abstract string getFrom(); - - abstract string getTo(); -} - -class KernelOpenCall extends KernelMethodCall, Replacement { - KernelOpenCall() { this.getMethodName() = "open" } - - override string getFrom() { result = "Kernel.open" } - - override string getTo() { result = "File.open" } -} - -class IOReadCall extends DataFlow::CallNode, Replacement { - IOReadCall() { this = API::getTopLevelMember("IO").getAMethodCall("read") } - - override string getFrom() { result = "IO.read" } - - override string getTo() { result = "File.read" } -} +import codeql.ruby.security.KernelOpenQuery class Configuration extends TaintTracking::Configuration { Configuration() { this = "KernelOpen" } @@ -54,9 +27,7 @@ class Configuration extends TaintTracking::Configuration { override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSink(DataFlow::Node sink) { - exists(KernelOpenCall c | c.getArgument(0) = sink) - or - exists(IOReadCall c | c.getArgument(0) = sink) + sink = any(AmbiguousPathCall r).getPathArgument() } override predicate isSanitizer(DataFlow::Node node) { @@ -73,5 +44,6 @@ where sourceNode = source.getNode() and call.getArgument(0) = sink.getNode() select sink.getNode(), source, sink, - "This call to " + call.(Replacement).getFrom() + " depends on a $@. Replace it with " + - call.(Replacement).getTo() + ".", source.getNode(), "user-provided value" + "This call to " + call.(AmbiguousPathCall).getName() + + " depends on a $@. Consider replacing it with " + call.(AmbiguousPathCall).getReplacement() + + ".", source.getNode(), "user-provided value" diff --git a/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.qhelp b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.qhelp new file mode 100644 index 00000000000..304aefcfbb2 --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.qhelp @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql new file mode 100644 index 00000000000..da490fd9ae3 --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql @@ -0,0 +1,29 @@ +/** + * @name Use of `Kernel.open` or `IO.read` with a non-constant value + * @description Using `Kernel.open` or `IO.read` may allow a malicious + * user to execute arbitrary system commands. + * @kind problem + * @problem.severity warning + * @security-severity 6.5 + * @precision high + * @id rb/non-constant-kernel-open + * @tags correctness + * security + * external/cwe/cwe-078 + * external/cwe/cwe-088 + * external/cwe/cwe-073 + */ + +import codeql.ruby.security.KernelOpenQuery +import codeql.ruby.ast.Literal + +from AmbiguousPathCall call +where + // there is not a constant string argument + not exists(call.getPathArgument().asExpr().getExpr().getConstantValue()) and + // if it's a format string, then the first argument is not a constant string + not call.getPathArgument().getALocalSource().asExpr().getExpr().(StringLiteral).getComponent(0) + instanceof StringTextComponent +select call, + "Call to " + call.getName() + " with a non-constant value. Consider replacing it with " + + call.getReplacement() + "." diff --git a/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp b/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp index c720cd78745..406ba24935b 100644 --- a/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp +++ b/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.qhelp @@ -12,7 +12,7 @@ to execute arbitrary code.

    Avoid deserialization of untrusted data if possible. If the architecture permits -it, use serialization formats that cannot represent arbitarary objects. For +it, use serialization formats that cannot represent arbitrary objects. For libraries that support it, such as the Ruby standard library's JSON module, ensure that the parser is configured to disable deserialization of arbitrary objects. diff --git a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp new file mode 100644 index 00000000000..d066402efc8 --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp @@ -0,0 +1,43 @@ + + + +

    +Sensitive information such as passwords should not be transmitted within the query string of the requested URL. +Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, +and any proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked +or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are +followed. Placing sensitive information into the URL therefore increases the risk that it will be captured by an attacker. +

    + + + +

    +Use HTTP POST to send sensitive information as part of the request body; for example, as form data. +

    +     + + +

    +The following example shows two route handlers that both receive a username and a password. +The first receives this sensitive information from the query parameters of a GET request, which is +transmitted in the URL. The second receives this sensitive information from the request body of a POST request. +

    + + +     + + +
  • + CWE: + CWE-598: Use of GET Request Method with Sensitive Query Strings +
    • +
  • + PortSwigger (Burp): + Password Submitted using GET Method +
    • +
  • + OWASP: + Information Exposure through Query Strings in URL +
    • +     + diff --git a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql new file mode 100644 index 00000000000..ba3faf3fcae --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql @@ -0,0 +1,23 @@ +/** + * @name Sensitive data read from GET request + * @description Placing sensitive data in a GET request increases the risk of + * the data being exposed to an attacker. + * @kind path-problem + * @problem.severity warning + * @security-severity 6.5 + * @precision high + * @id rb/sensitive-get-query + * @tags security + * external/cwe/cwe-598 + */ + +import ruby +import DataFlow::PathGraph +import codeql.ruby.security.SensitiveGetQueryQuery +import codeql.ruby.security.SensitiveActions + +from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveGetQuery::Configuration config +where config.hasFlowPath(source, sink) +select source.getNode(), source, sink, + "$@ for GET requests uses query parameter as sensitive data.", + source.getNode().(SensitiveGetQuery::Source).getHandler(), "Route handler" diff --git a/ruby/ql/src/queries/security/cwe-598/examples/routes.rb b/ruby/ql/src/queries/security/cwe-598/examples/routes.rb new file mode 100644 index 00000000000..74370fe3bbb --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-598/examples/routes.rb @@ -0,0 +1,4 @@ +Rails.application.routes.draw do + get "users/login", to: "#login_get" # BAD: sensitive data transmitted through query parameters + post "users/login", to: "users#login_post" # GOOD: sensitive data transmitted in the request body +end diff --git a/ruby/ql/src/queries/security/cwe-598/examples/users_controller.rb b/ruby/ql/src/queries/security/cwe-598/examples/users_controller.rb new file mode 100644 index 00000000000..ab720ba174d --- /dev/null +++ b/ruby/ql/src/queries/security/cwe-598/examples/users_controller.rb @@ -0,0 +1,16 @@ +class UsersController < ActionController::Base + def login_get + password = params[:password] + authenticate_user(params[:username], password) + end + + def login_post + password = params[:password] + authenticate_user(params[:username], password) + end + + private + def authenticate_user(username, password) + # ... authenticate the user here + end +end diff --git a/ruby/ql/src/queries/security/cwe-829/InsecureDownload.qhelp b/ruby/ql/src/queries/security/cwe-829/InsecureDownload.qhelp index 7c4d6131568..44726e36aa9 100644 --- a/ruby/ql/src/queries/security/cwe-829/InsecureDownload.qhelp +++ b/ruby/ql/src/queries/security/cwe-829/InsecureDownload.qhelp @@ -4,7 +4,7 @@

    - Downloading executeables or other sensitive files over an unencrypted connection + Downloading executables or other sensitive files over an unencrypted connection can leave a server open to man-in-the-middle attacks (MITM). Such an attack can allow an attacker to insert arbitrary content into the downloaded file, and in the worst case, allow the attacker to execute diff --git a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected index 57a5b8f86ed..2359eb2c24a 100644 --- a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected +++ b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected @@ -3696,7 +3696,7 @@ cfg.rb: #-----| -> exit filter_nil # 207| filter_nil -#-----| -> exit cfg.rb (normal) +#-----| -> self # 207| list #-----| -> list @@ -3733,6 +3733,35 @@ cfg.rb: # 209| call to nil? #-----| -> exit do ... end (normal) +# 213| call to do_something +#-----| -> exit cfg.rb (normal) + +# 213| self +#-----| -> do ... end + +# 213| do ... end +#-----| -> call to do_something + +# 213| enter do ... end +#-----| -> self + +# 213| exit do ... end + +# 213| exit do ... end (normal) +#-----| -> exit do ... end + +# 214| self +#-----| -> call to something + +# 214| call to something +#-----| -> self + +# 215| call to something_else +#-----| -> exit do ... end (normal) + +# 215| self +#-----| -> call to something_else + desugar.rb: # 1| enter m1 #-----| -> x diff --git a/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected b/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected index bb9863a10bd..b929f1fe965 100644 --- a/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected +++ b/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected @@ -44,6 +44,9 @@ callsWithNoArguments | cfg.rb:205:1:205:3 | call to foo | | cfg.rb:208:3:210:5 | call to reject | | cfg.rb:209:5:209:13 | call to nil? | +| cfg.rb:213:1:216:3 | call to do_something | +| cfg.rb:214:3:214:16 | call to something | +| cfg.rb:215:3:215:16 | call to something_else | | desugar.rb:6:3:6:7 | call to foo | | desugar.rb:10:3:10:7 | call to foo | | desugar.rb:14:3:14:7 | call to foo | diff --git a/ruby/ql/test/library-tests/controlflow/graph/cfg.rb b/ruby/ql/test/library-tests/controlflow/graph/cfg.rb index 602e6a8afa1..52a0ae87043 100644 --- a/ruby/ql/test/library-tests/controlflow/graph/cfg.rb +++ b/ruby/ql/test/library-tests/controlflow/graph/cfg.rb @@ -210,6 +210,11 @@ def filter_nil list end end +do_something do + self.something + something_else +end + __END__ Some ignored nonsense diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/type-tracking-array-flow.expected b/ruby/ql/test/library-tests/dataflow/array-flow/type-tracking-array-flow.expected index 71bb4e3a406..959c0f9a56c 100644 --- a/ruby/ql/test/library-tests/dataflow/array-flow/type-tracking-array-flow.expected +++ b/ruby/ql/test/library-tests/dataflow/array-flow/type-tracking-array-flow.expected @@ -1,6 +1,3 @@ -| array_flow.rb:3:16:3:35 | # $ hasValueFlow=0.1 | Missing result:hasValueFlow=0.1 | -| array_flow.rb:5:16:5:35 | # $ hasValueFlow=0.1 | Missing result:hasValueFlow=0.1 | -| array_flow.rb:83:13:83:30 | # $ hasValueFlow=9 | Missing result:hasValueFlow=9 | | array_flow.rb:107:10:107:13 | ...[...] | Unexpected result: hasValueFlow=11.2 | | array_flow.rb:179:28:179:46 | # $ hasValueFlow=19 | Missing result:hasValueFlow=19 | | array_flow.rb:180:28:180:46 | # $ hasValueFlow=19 | Missing result:hasValueFlow=19 | diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb index 47b96da22dd..bc9599fd926 100644 --- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb +++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb @@ -85,7 +85,7 @@ else foo end -if foos.index(foo)r == nil +if foos.index(foo) == nil foo else foo diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected index 81820cd5e74..d9625478cf9 100644 --- a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected @@ -16,11 +16,16 @@ track | type_tracker.rb:2:5:5:7 | self in field= | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:2:5:5:7 | self in field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | self in field= | | type_tracker.rb:2:16:2:18 | val | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker with call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:3:9:3:23 | call to puts | type tracker without call steps | type_tracker.rb:3:9:3:23 | call to puts | | type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:4:9:4:14 | @field | type tracker without call steps | type_tracker.rb:4:9:4:14 | @field | @@ -55,6 +60,7 @@ track | type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content attribute field | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content attribute field | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | @@ -368,11 +374,16 @@ trackEnd | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:9:4:20 | ... = ... | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:9:4:20 | ... = ... | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:18:4:20 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:18:4:20 | val | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:7:5:9:7 | return return in field | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:8:9:8:14 | @field | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:14:5:14:13 | call to field= | +| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:3:9:3:23 | call to puts | type_tracker.rb:3:9:3:23 | call to puts | | type_tracker.rb:3:14:3:23 | call to field | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:4:9:4:14 | @field | type_tracker.rb:4:9:4:14 | @field | @@ -424,6 +435,7 @@ trackEnd | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:4:9:4:20 | ... = ... | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:4:18:4:20 | val | +| type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:5:14:13 | __synth__0 | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:5:14:23 | ... | diff --git a/ruby/ql/test/library-tests/frameworks/ActionController.expected b/ruby/ql/test/library-tests/frameworks/ActionController.expected index f5a5f703abf..89f9f8b797e 100644 --- a/ruby/ql/test/library-tests/frameworks/ActionController.expected +++ b/ruby/ql/test/library-tests/frameworks/ActionController.expected @@ -1,17 +1,19 @@ actionControllerControllerClasses +| action_controller/input_access.rb:1:1:50:3 | UsersController | | action_controller/params_flow.rb:1:1:151:3 | MyController | | active_record/ActiveRecord.rb:23:1:39:3 | FooController | | active_record/ActiveRecord.rb:41:1:64:3 | BarController | | active_record/ActiveRecord.rb:66:1:98:3 | BazController | | active_record/ActiveRecord.rb:100:1:108:3 | AnnotatedController | | active_storage/active_storage.rb:39:1:45:3 | PostsController | -| app/controllers/comments_controller.rb:1:1:7:3 | CommentsController | +| app/controllers/comments_controller.rb:1:1:40:3 | CommentsController | | app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | | app/controllers/photos_controller.rb:1:1:4:3 | PhotosController | | app/controllers/posts_controller.rb:1:1:10:3 | PostsController | | app/controllers/tags_controller.rb:1:1:2:3 | TagsController | | app/controllers/users/notifications_controller.rb:2:3:5:5 | NotificationsController | actionControllerActionMethods +| action_controller/input_access.rb:2:3:49:5 | index | | action_controller/params_flow.rb:2:3:4:5 | m1 | | action_controller/params_flow.rb:6:3:8:5 | m2 | | action_controller/params_flow.rb:10:3:12:5 | m2 | @@ -59,8 +61,8 @@ actionControllerActionMethods | active_record/ActiveRecord.rb:101:3:103:5 | index | | active_record/ActiveRecord.rb:105:3:107:5 | unsafe_action | | active_storage/active_storage.rb:40:3:44:5 | create | -| app/controllers/comments_controller.rb:2:3:3:5 | index | -| app/controllers/comments_controller.rb:5:3:6:5 | show | +| app/controllers/comments_controller.rb:2:3:36:5 | index | +| app/controllers/comments_controller.rb:38:3:39:5 | show | | app/controllers/foo/bars_controller.rb:5:3:7:5 | index | | app/controllers/foo/bars_controller.rb:9:3:18:5 | show_debug | | app/controllers/foo/bars_controller.rb:20:3:24:5 | show | @@ -115,6 +117,7 @@ paramsCalls | action_controller/params_flow.rb:144:10:144:15 | call to params | | action_controller/params_flow.rb:145:32:145:37 | call to params | | action_controller/params_flow.rb:148:22:148:27 | call to params | +| action_mailer/mailer.rb:3:10:3:15 | call to params | | active_record/ActiveRecord.rb:28:30:28:35 | call to params | | active_record/ActiveRecord.rb:29:29:29:34 | call to params | | active_record/ActiveRecord.rb:30:31:30:36 | call to params | @@ -189,6 +192,7 @@ paramsSources | action_controller/params_flow.rb:144:10:144:15 | call to params | | action_controller/params_flow.rb:145:32:145:37 | call to params | | action_controller/params_flow.rb:148:22:148:27 | call to params | +| action_mailer/mailer.rb:3:10:3:15 | call to params | | active_record/ActiveRecord.rb:28:30:28:35 | call to params | | active_record/ActiveRecord.rb:29:29:29:34 | call to params | | active_record/ActiveRecord.rb:30:31:30:36 | call to params | @@ -220,6 +224,137 @@ paramsSources | app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params | | app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params | | app/views/foo/bars/show.html.erb:5:9:5:14 | call to params | +httpInputAccesses +| action_controller/input_access.rb:3:5:3:18 | call to params | ActionDispatch::Request#params | +| action_controller/input_access.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters | +| action_controller/input_access.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET | +| action_controller/input_access.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST | +| action_controller/input_access.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters | +| action_controller/input_access.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters | +| action_controller/input_access.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters | +| action_controller/input_access.rb:11:5:11:25 | call to authorization | ActionDispatch::Request#authorization | +| action_controller/input_access.rb:12:5:12:23 | call to script_name | ActionDispatch::Request#script_name | +| action_controller/input_access.rb:13:5:13:21 | call to path_info | ActionDispatch::Request#path_info | +| action_controller/input_access.rb:14:5:14:22 | call to user_agent | ActionDispatch::Request#user_agent | +| action_controller/input_access.rb:15:5:15:19 | call to referer | ActionDispatch::Request#referer | +| action_controller/input_access.rb:16:5:16:20 | call to referrer | ActionDispatch::Request#referrer | +| action_controller/input_access.rb:17:5:17:26 | call to host_authority | ActionDispatch::Request#host_authority | +| action_controller/input_access.rb:18:5:18:24 | call to content_type | ActionDispatch::Request#content_type | +| action_controller/input_access.rb:19:5:19:16 | call to host | ActionDispatch::Request#host | +| action_controller/input_access.rb:20:5:20:20 | call to hostname | ActionDispatch::Request#hostname | +| action_controller/input_access.rb:21:5:21:27 | call to accept_encoding | ActionDispatch::Request#accept_encoding | +| action_controller/input_access.rb:22:5:22:27 | call to accept_language | ActionDispatch::Request#accept_language | +| action_controller/input_access.rb:23:5:23:25 | call to if_none_match | ActionDispatch::Request#if_none_match | +| action_controller/input_access.rb:24:5:24:31 | call to if_none_match_etags | ActionDispatch::Request#if_none_match_etags | +| action_controller/input_access.rb:25:5:25:29 | call to content_mime_type | ActionDispatch::Request#content_mime_type | +| action_controller/input_access.rb:27:5:27:21 | call to authority | ActionDispatch::Request#authority | +| action_controller/input_access.rb:28:5:28:16 | call to host | ActionDispatch::Request#host | +| action_controller/input_access.rb:29:5:29:26 | call to host_authority | ActionDispatch::Request#host_authority | +| action_controller/input_access.rb:30:5:30:26 | call to host_with_port | ActionDispatch::Request#host_with_port | +| action_controller/input_access.rb:31:5:31:20 | call to hostname | ActionDispatch::Request#hostname | +| action_controller/input_access.rb:32:5:32:25 | call to forwarded_for | ActionDispatch::Request#forwarded_for | +| action_controller/input_access.rb:33:5:33:26 | call to forwarded_host | ActionDispatch::Request#forwarded_host | +| action_controller/input_access.rb:34:5:34:16 | call to port | ActionDispatch::Request#port | +| action_controller/input_access.rb:35:5:35:26 | call to forwarded_port | ActionDispatch::Request#forwarded_port | +| action_controller/input_access.rb:37:5:37:22 | call to media_type | ActionDispatch::Request#media_type | +| action_controller/input_access.rb:38:5:38:29 | call to media_type_params | ActionDispatch::Request#media_type_params | +| action_controller/input_access.rb:39:5:39:27 | call to content_charset | ActionDispatch::Request#content_charset | +| action_controller/input_access.rb:40:5:40:20 | call to base_url | ActionDispatch::Request#base_url | +| action_controller/input_access.rb:42:5:42:16 | call to body | ActionDispatch::Request#body | +| action_controller/input_access.rb:43:5:43:20 | call to raw_post | ActionDispatch::Request#raw_post | +| action_controller/input_access.rb:45:5:45:30 | ...[...] | ActionDispatch::Request#env[] | +| action_controller/input_access.rb:47:5:47:39 | ...[...] | ActionDispatch::Request#env[] | +| action_controller/params_flow.rb:3:10:3:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:7:10:7:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:11:10:11:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:15:10:15:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:19:10:19:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:23:10:23:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:27:10:27:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:31:10:31:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:35:10:35:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:39:10:39:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:43:10:43:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:47:10:47:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:51:10:51:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:55:10:55:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:59:10:59:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:63:10:63:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:67:10:67:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:71:10:71:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:75:10:75:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:79:10:79:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:83:10:83:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:87:10:87:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:91:10:91:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:95:10:95:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:99:10:99:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:103:10:103:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:107:10:107:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:111:10:111:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:112:23:112:28 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:116:10:116:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:117:31:117:36 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:121:10:121:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:122:31:122:36 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:126:10:126:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:127:24:127:29 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:130:14:130:19 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:135:10:135:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:136:32:136:37 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:139:22:139:27 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params | +| action_controller/params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params | +| action_mailer/mailer.rb:3:10:3:15 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:28:30:28:35 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:29:29:29:34 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:30:31:30:36 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:32:21:32:26 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:34:34:34:39 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:35:23:35:28 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:35:38:35:43 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:43:10:43:15 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:50:11:50:16 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:54:12:54:17 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:59:12:59:17 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:62:15:62:20 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:68:21:68:26 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:72:18:72:23 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:76:24:76:29 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:76:49:76:54 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:80:25:80:30 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:80:50:80:55 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:88:21:88:26 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:92:27:92:32 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:92:52:92:57 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:96:28:96:33 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:96:53:96:58 | call to params | ActionController::Metal#params | +| active_record/ActiveRecord.rb:106:59:106:64 | call to params | ActionController::Metal#params | +| active_storage/active_storage.rb:41:21:41:26 | call to params | ActionController::Metal#params | +| active_storage/active_storage.rb:42:24:42:29 | call to params | ActionController::Metal#params | +| app/controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params | +| app/controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters | +| app/controllers/comments_controller.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET | +| app/controllers/comments_controller.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST | +| app/controllers/comments_controller.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters | +| app/controllers/comments_controller.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters | +| app/controllers/comments_controller.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters | +| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | ActionController::Metal#cookies | +| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params | ActionController::Metal#params | +| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params | ActionController::Metal#params | +| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params | ActionController::Metal#params | +| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params | ActionController::Metal#params | +| app/graphql/mutations/dummy.rb:5:24:5:25 | id | GraphQL RoutedParameter | +| app/graphql/mutations/dummy.rb:9:17:9:25 | something | GraphQL RoutedParameter | +| app/graphql/resolvers/dummy_resolver.rb:6:24:6:25 | id | GraphQL RoutedParameter | +| app/graphql/resolvers/dummy_resolver.rb:10:17:10:25 | something | GraphQL RoutedParameter | +| app/graphql/types/query_type.rb:10:18:10:23 | number | GraphQL RoutedParameter | +| app/graphql/types/query_type.rb:18:23:18:33 | blah_number | GraphQL RoutedParameter | +| app/graphql/types/query_type.rb:27:20:27:25 | **args | GraphQL RoutedParameter | +| app/graphql/types/query_type.rb:36:34:36:37 | arg1 | GraphQL RoutedParameter | +| app/graphql/types/query_type.rb:36:41:36:46 | **rest | GraphQL RoutedParameter | +| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params | ActionController::Metal#params | cookiesCalls | app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | cookiesSources @@ -235,3 +370,19 @@ getAssociatedControllerClasses controllerTemplateFiles | app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb | | app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb | +headerWriteAccesses +| app/controllers/comments_controller.rb:15:5:15:35 | call to []= | content-type | app/controllers/comments_controller.rb:15:39:15:49 | ... = ... | +| app/controllers/comments_controller.rb:16:5:16:46 | call to set_header | content-length | app/controllers/comments_controller.rb:16:43:16:45 | 100 | +| app/controllers/comments_controller.rb:17:5:17:39 | call to []= | x-custom-header | app/controllers/comments_controller.rb:17:43:17:46 | ... = ... | +| app/controllers/comments_controller.rb:18:5:18:39 | call to []= | x-another-custom-header | app/controllers/comments_controller.rb:18:43:18:47 | ... = ... | +| app/controllers/comments_controller.rb:19:5:19:49 | call to add_header | x-yet-another | app/controllers/comments_controller.rb:19:42:19:49 | "indeed" | +| app/controllers/comments_controller.rb:25:5:25:21 | call to location= | location | app/controllers/comments_controller.rb:25:25:25:36 | ... = ... | +| app/controllers/comments_controller.rb:26:5:26:26 | call to cache_control= | cache-control | app/controllers/comments_controller.rb:26:30:26:36 | ... = ... | +| app/controllers/comments_controller.rb:27:5:27:27 | call to _cache_control= | cache-control | app/controllers/comments_controller.rb:27:31:27:37 | ... = ... | +| app/controllers/comments_controller.rb:28:5:28:17 | call to etag= | etag | app/controllers/comments_controller.rb:28:21:28:27 | ... = ... | +| app/controllers/comments_controller.rb:29:5:29:20 | call to charset= | content-type | app/controllers/comments_controller.rb:29:24:29:30 | ... = ... | +| app/controllers/comments_controller.rb:30:5:30:25 | call to content_type= | content-type | app/controllers/comments_controller.rb:30:29:30:35 | ... = ... | +| app/controllers/comments_controller.rb:32:5:32:17 | call to date= | date | app/controllers/comments_controller.rb:32:21:32:30 | ... = ... | +| app/controllers/comments_controller.rb:33:5:33:26 | call to last_modified= | last-modified | app/controllers/comments_controller.rb:33:30:33:43 | ... = ... | +| app/controllers/comments_controller.rb:34:5:34:22 | call to weak_etag= | etag | app/controllers/comments_controller.rb:34:26:34:32 | ... = ... | +| app/controllers/comments_controller.rb:35:5:35:24 | call to strong_etag= | etag | app/controllers/comments_controller.rb:35:28:35:34 | ... = ... | diff --git a/ruby/ql/test/library-tests/frameworks/ActionController.ql b/ruby/ql/test/library-tests/frameworks/ActionController.ql index 459ec388ad5..dca683dc6ab 100644 --- a/ruby/ql/test/library-tests/frameworks/ActionController.ql +++ b/ruby/ql/test/library-tests/frameworks/ActionController.ql @@ -1,6 +1,9 @@ private import codeql.ruby.AST private import codeql.ruby.frameworks.ActionController private import codeql.ruby.frameworks.Rails +private import codeql.ruby.frameworks.ActionView +private import codeql.ruby.Concepts +private import codeql.ruby.DataFlow query predicate actionControllerControllerClasses(ActionControllerControllerClass cls) { any() } @@ -10,6 +13,10 @@ query predicate paramsCalls(Rails::ParamsCall c) { any() } query predicate paramsSources(ParamsSource src) { any() } +query predicate httpInputAccesses(Http::Server::RequestInputAccess a, string sourceType) { + sourceType = a.getSourceType() +} + query predicate cookiesCalls(Rails::CookiesCall c) { any() } query predicate cookiesSources(CookiesSource src) { any() } @@ -25,3 +32,9 @@ query predicate getAssociatedControllerClasses(ActionControllerControllerClass c query predicate controllerTemplateFiles(ActionControllerControllerClass cls, ErbFile templateFile) { controllerTemplateFile(cls, templateFile) } + +query predicate headerWriteAccesses( + Http::Server::HeaderWriteAccess a, string name, DataFlow::Node value +) { + name = a.getName() and value = a.getValue() +} diff --git a/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected b/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected index ffb5f5a1efd..b3499beda45 100644 --- a/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected +++ b/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected @@ -36,8 +36,8 @@ actionDispatchRoutes actionDispatchControllerMethods | app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:2:3:3:5 | index | | app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:5:3:6:5 | show | -| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:2:3:3:5 | index | -| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:5:3:6:5 | show | +| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:2:3:36:5 | index | +| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:38:3:39:5 | show | | app/config/routes.rb:7:5:7:37 | call to post | app/controllers/posts_controller.rb:8:3:9:5 | upvote | | app/config/routes.rb:27:3:27:48 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show | | app/config/routes.rb:28:3:28:50 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show | diff --git a/ruby/ql/test/library-tests/frameworks/ActionView.expected b/ruby/ql/test/library-tests/frameworks/ActionView.expected index 2f525d2be25..5a1abf0a37e 100644 --- a/ruby/ql/test/library-tests/frameworks/ActionView.expected +++ b/ruby/ql/test/library-tests/frameworks/ActionView.expected @@ -1,6 +1,3 @@ -htmlSafeCalls -| app/views/foo/bars/show.html.erb:23:3:23:25 | call to html_safe | -| app/views/foo/bars/show.html.erb:27:3:27:25 | call to html_safe | rawCalls | app/views/foo/bars/_widget.html.erb:1:5:1:21 | call to raw | | app/views/foo/bars/_widget.html.erb:2:5:2:20 | call to raw | @@ -24,6 +21,8 @@ renderToCalls linkToCalls | app/views/foo/bars/show.html.erb:33:5:33:41 | call to link_to | httpResponses +| app/controllers/comments_controller.rb:11:5:11:17 | call to body= | app/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http | +| app/controllers/comments_controller.rb:21:5:21:37 | call to send_file | app/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream | | app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | app/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html | | app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render | app/controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" | text/html | | app/controllers/foo/bars_controller.rb:35:5:35:33 | call to render | app/controllers/foo/bars_controller.rb:35:18:35:33 | call to [] | application/json | diff --git a/ruby/ql/test/library-tests/frameworks/ActionView.ql b/ruby/ql/test/library-tests/frameworks/ActionView.ql index 700468c112c..124cf0722a1 100644 --- a/ruby/ql/test/library-tests/frameworks/ActionView.ql +++ b/ruby/ql/test/library-tests/frameworks/ActionView.ql @@ -4,8 +4,6 @@ private import codeql.ruby.frameworks.ActionView private import codeql.ruby.frameworks.Rails private import codeql.ruby.Concepts -query predicate htmlSafeCalls(Rails::HtmlSafeCall c) { any() } - query predicate rawCalls(RawCall c) { any() } query predicate renderCalls(Rails::RenderCall c) { any() } diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/input_access.rb b/ruby/ql/test/library-tests/frameworks/action_controller/input_access.rb new file mode 100644 index 00000000000..334e36d3f3c --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/action_controller/input_access.rb @@ -0,0 +1,50 @@ +class UsersController < ActionController::Base + def index + request.params + request.parameters + request.GET + request.POST + request.query_parameters + request.request_parameters + request.filtered_parameters + + request.authorization + request.script_name + request.path_info + request.user_agent + request.referer + request.referrer + request.host_authority + request.content_type + request.host + request.hostname + request.accept_encoding + request.accept_language + request.if_none_match + request.if_none_match_etags + request.content_mime_type + + request.authority + request.host + request.host_authority + request.host_with_port + request.hostname + request.forwarded_for + request.forwarded_host + request.port + request.forwarded_port + + request.media_type + request.media_type_params + request.content_charset + request.base_url + + request.body + request.raw_post + + request.env["HTTP_ACCEPT"] + request.env["NOT_USER_CONTROLLED"] + request.filtered_env["HTTP_ACCEPT"] + request.filtered_env["NOT_USER_CONTROLLED"] + end +end diff --git a/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb b/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb new file mode 100644 index 00000000000..09243fbb7fe --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/action_mailer/mailer.rb @@ -0,0 +1,5 @@ +class MyMailer < ActionMailer::Base + def foo + sink params[:foo] # $hasTaintFlow + end +end diff --git a/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.expected b/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.expected new file mode 100644 index 00000000000..a4a7be5b17a --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.expected @@ -0,0 +1,9 @@ +failures +edges +| mailer.rb:3:10:3:15 | call to params : | mailer.rb:3:10:3:21 | ...[...] | +nodes +| mailer.rb:3:10:3:15 | call to params : | semmle.label | call to params : | +| mailer.rb:3:10:3:21 | ...[...] | semmle.label | ...[...] | +subpaths +#select +| mailer.rb:3:10:3:21 | ...[...] | mailer.rb:3:10:3:15 | call to params : | mailer.rb:3:10:3:21 | ...[...] | $@ | mailer.rb:3:10:3:15 | call to params : | call to params : | diff --git a/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.ql b/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.ql new file mode 100644 index 00000000000..412ba5534b8 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/action_mailer/params-flow.ql @@ -0,0 +1,18 @@ +/** + * @kind path-problem + */ + +import ruby +import TestUtilities.InlineFlowTest +import PathGraph +import codeql.ruby.frameworks.Rails + +class ParamsTaintFlowConf extends DefaultTaintFlowConf { + override predicate isSource(DataFlow::Node n) { + n.asExpr().getExpr() instanceof Rails::ParamsCall + } +} + +from DataFlow::PathNode source, DataFlow::PathNode sink, ParamsTaintFlowConf conf +where conf.hasFlowPath(source, sink) +select sink, source, sink, "$@", source, source.toString() diff --git a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected index 2128d0173b1..6ad05678f03 100644 --- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected +++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected @@ -136,6 +136,14 @@ edges | active_support.rb:191:34:191:34 | a : | active_support.rb:191:7:191:35 | call to new : | | active_support.rb:192:7:192:7 | x : | active_support.rb:192:7:192:16 | call to to_param : | | active_support.rb:192:7:192:16 | call to to_param : | active_support.rb:193:8:193:8 | y | +| active_support.rb:197:7:197:16 | call to source : | active_support.rb:198:20:198:20 | a : | +| active_support.rb:198:7:198:21 | call to new : | active_support.rb:199:7:199:7 | x : | +| active_support.rb:198:20:198:20 | a : | active_support.rb:198:7:198:21 | call to new : | +| active_support.rb:199:7:199:7 | x : | active_support.rb:199:7:199:17 | call to existence : | +| active_support.rb:199:7:199:17 | call to existence : | active_support.rb:200:8:200:8 | y | +| active_support.rb:199:7:199:17 | call to existence : | active_support.rb:201:7:201:7 | y : | +| active_support.rb:201:7:201:7 | y : | active_support.rb:201:7:201:17 | call to existence : | +| active_support.rb:201:7:201:17 | call to existence : | active_support.rb:202:8:202:8 | z | nodes | active_support.rb:9:9:9:18 | call to source : | semmle.label | call to source : | | active_support.rb:10:10:10:10 | x : | semmle.label | x : | @@ -310,6 +318,15 @@ nodes | active_support.rb:192:7:192:7 | x : | semmle.label | x : | | active_support.rb:192:7:192:16 | call to to_param : | semmle.label | call to to_param : | | active_support.rb:193:8:193:8 | y | semmle.label | y | +| active_support.rb:197:7:197:16 | call to source : | semmle.label | call to source : | +| active_support.rb:198:7:198:21 | call to new : | semmle.label | call to new : | +| active_support.rb:198:20:198:20 | a : | semmle.label | a : | +| active_support.rb:199:7:199:7 | x : | semmle.label | x : | +| active_support.rb:199:7:199:17 | call to existence : | semmle.label | call to existence : | +| active_support.rb:200:8:200:8 | y | semmle.label | y | +| active_support.rb:201:7:201:7 | y : | semmle.label | y : | +| active_support.rb:201:7:201:17 | call to existence : | semmle.label | call to existence : | +| active_support.rb:202:8:202:8 | z | semmle.label | z | subpaths #select | active_support.rb:106:10:106:13 | ...[...] | active_support.rb:104:10:104:17 | call to source : | active_support.rb:106:10:106:13 | ...[...] | $@ | active_support.rb:104:10:104:17 | call to source : | call to source : | diff --git a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb index 9dac336f3dc..425a941cbd6 100644 --- a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb +++ b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb @@ -192,3 +192,12 @@ def m_safe_buffer_to_param y = x.to_param sink y # $hasTaintFlow=a end + +def m_pathname_existence + a = source "a" + x = Pathname.new(a) + y = x.existence + sink y # $hasTaintFlow=a + z = y.existence + sink z # $hasTaintFlow=a +end diff --git a/ruby/ql/test/library-tests/frameworks/app/controllers/comments_controller.rb b/ruby/ql/test/library-tests/frameworks/app/controllers/comments_controller.rb index 8c8164eaf03..57fac7797bd 100644 --- a/ruby/ql/test/library-tests/frameworks/app/controllers/comments_controller.rb +++ b/ruby/ql/test/library-tests/frameworks/app/controllers/comments_controller.rb @@ -1,7 +1,40 @@ class CommentsController < ApplicationController def index + request.params + request.parameters + request.GET + request.POST + request.query_parameters + request.request_parameters + request.filtered_parameters + + response.body = "some content" + + response.status = 200 + + response.header["Content-Type"] = "text/html" + response.set_header("Content-Length", 100) + response.headers["X-Custom-Header"] = "hi" + response["X-Another-Custom-Header"] = "yes" + response.add_header "X-Yet-Another", "indeed" + + response.send_file("my-file.ext") + + response.request + + response.location = "http://..." # relevant for url redirect query + response.cache_control = "value" + response._cache_control = "value" + response.etag = "value" + response.charset = "value" # sets the charset part of the content-type header + response.content_type = "value" # sets the main part of the content-type header + + response.date = Date.today + response.last_modified = Date.yesterday + response.weak_etag = "value" + response.strong_etag = "value" end def show end -end \ No newline at end of file +end diff --git a/ruby/ql/test/library-tests/modules/ancestors.expected b/ruby/ql/test/library-tests/modules/ancestors.expected index 98cfa6c7186..5ebbcb5c112 100644 --- a/ruby/ql/test/library-tests/modules/ancestors.expected +++ b/ruby/ql/test/library-tests/modules/ancestors.expected @@ -110,6 +110,15 @@ calls.rb: # 538| ProtectedMethodsSub #-----| super -> ProtectedMethods +# 552| SingletonUpCall_Base +#-----| super -> Object + +# 556| SingletonUpCall_Sub +#-----| super -> SingletonUpCall_Base + +# 564| SingletonUpCall_SubSub +#-----| super -> SingletonUpCall_Sub + hello.rb: # 1| EnglishWords @@ -120,6 +129,13 @@ hello.rb: # 18| HelloWorld #-----| super -> Greeting +instance_fields.rb: +# 11| A_target +#-----| super -> Object + +# 26| B_target +#-----| super -> Object + modules.rb: # 1| Empty @@ -197,9 +213,6 @@ modules_rec.rb: # 1| B::A #-----| super -> Object -# 4| A::B -#-----| super -> Object - private.rb: # 1| E #-----| super -> Object @@ -211,3 +224,9 @@ private.rb: # 96| PrivateOverride2 #-----| super -> PrivateOverride1 + +toplevel_self_singleton.rb: +# 2| A::B +#-----| super -> Object + +# 24| Good diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected index df2bffe2933..21eeb8dfc4c 100644 --- a/ruby/ql/test/library-tests/modules/callgraph.expected +++ b/ruby/ql/test/library-tests/modules/callgraph.expected @@ -8,7 +8,6 @@ getTarget | calls.rb:17:1:17:8 | call to bar | calls.rb:13:1:15:3 | bar | | calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:3:3 | foo | | calls.rb:19:1:19:8 | call to foo | calls.rb:85:1:89:3 | foo | -| calls.rb:23:9:23:19 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m | | calls.rb:32:5:32:15 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m | | calls.rb:33:5:33:20 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m | | calls.rb:37:1:37:13 | call to singleton_m | calls.rb:25:5:27:7 | singleton_m | @@ -77,7 +76,6 @@ getTarget | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:236:1:238:3 | singleton_g | | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:243:1:245:3 | singleton_g | | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:251:5:253:7 | singleton_g | -| calls.rb:224:9:224:24 | call to singleton_g | calls.rb:267:1:269:3 | singleton_g | | calls.rb:228:1:228:22 | call to singleton_a | calls.rb:191:5:194:7 | singleton_a | | calls.rb:229:1:229:22 | call to singleton_f | calls.rb:218:9:220:11 | singleton_f | | calls.rb:231:6:231:19 | call to new | calls.rb:117:5:117:16 | new | @@ -215,10 +213,18 @@ getTarget | calls.rb:549:2:549:6 | call to new | calls.rb:117:5:117:16 | new | | calls.rb:549:20:549:24 | call to baz | calls.rb:51:5:57:7 | baz | | calls.rb:550:26:550:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize | +| calls.rb:557:5:557:13 | call to singleton | calls.rb:553:5:554:7 | singleton | +| calls.rb:560:9:560:17 | call to singleton | calls.rb:553:5:554:7 | singleton | +| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:565:5:566:7 | singleton2 | +| calls.rb:568:5:568:14 | call to mid_method | calls.rb:559:5:562:7 | mid_method | | hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include | | hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello | | hello.rb:20:16:20:20 | call to super | hello.rb:13:5:15:7 | message | | hello.rb:20:30:20:34 | call to world | hello.rb:5:5:7:7 | world | +| instance_fields.rb:4:22:4:35 | call to new | calls.rb:117:5:117:16 | new | +| instance_fields.rb:7:13:7:25 | call to target | instance_fields.rb:12:5:13:7 | target | +| instance_fields.rb:19:22:19:35 | call to new | calls.rb:117:5:117:16 | new | +| instance_fields.rb:22:13:22:25 | call to target | instance_fields.rb:27:5:28:7 | target | | modules.rb:12:5:12:26 | call to puts | calls.rb:102:5:102:30 | puts | | modules.rb:22:3:22:19 | call to puts | calls.rb:102:5:102:30 | puts | | modules.rb:33:3:33:25 | call to puts | calls.rb:102:5:102:30 | puts | @@ -259,7 +265,10 @@ getTarget | private.rb:104:1:104:20 | call to new | calls.rb:117:5:117:16 | new | | private.rb:104:1:104:28 | call to call_m1 | private.rb:91:3:93:5 | call_m1 | | private.rb:105:1:105:20 | call to new | calls.rb:117:5:117:16 | new | +| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:26:9:27:11 | call_me | +| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:29:9:32:11 | call_you | unresolvedCall +| calls.rb:23:9:23:19 | call to singleton_m | | calls.rb:26:9:26:18 | call to instance_m | | calls.rb:29:5:29:14 | call to instance_m | | calls.rb:30:5:30:19 | call to instance_m | @@ -330,6 +339,7 @@ unresolvedCall | calls.rb:549:1:549:26 | call to each | | calls.rb:550:1:550:13 | call to [] | | calls.rb:550:1:550:39 | call to each | +| calls.rb:558:5:558:14 | call to singleton2 | | hello.rb:20:16:20:26 | ... + ... | | hello.rb:20:16:20:34 | ... + ... | | hello.rb:20:16:20:40 | ... + ... | @@ -343,6 +353,11 @@ unresolvedCall | private.rb:57:1:57:14 | call to private4 | | private.rb:100:7:100:29 | call to m1 | | private.rb:105:1:105:23 | call to m1 | +| toplevel_self_singleton.rb:8:1:16:3 | call to do_something | +| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method | +| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method | +| toplevel_self_singleton.rb:18:12:22:1 | call to new | +| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method | privateMethod | calls.rb:1:1:3:3 | foo | | calls.rb:39:1:41:3 | call_instance_m | @@ -373,6 +388,7 @@ privateMethod | private.rb:83:11:85:5 | m1 | | private.rb:87:11:89:5 | m2 | | private.rb:97:11:101:5 | m1 | +| toplevel_self_singleton.rb:9:5:11:7 | method_in_block | publicMethod | calls.rb:7:1:9:3 | bar | | calls.rb:13:1:15:3 | bar | @@ -431,10 +447,19 @@ publicMethod | calls.rb:485:5:487:7 | singleton | | calls.rb:526:5:531:7 | baz | | calls.rb:539:5:542:7 | baz | +| calls.rb:553:5:554:7 | singleton | +| calls.rb:559:5:562:7 | mid_method | +| calls.rb:565:5:566:7 | singleton2 | | hello.rb:2:5:4:7 | hello | | hello.rb:5:5:7:7 | world | | hello.rb:13:5:15:7 | message | | hello.rb:19:5:21:7 | message | +| instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:6:9:8:11 | use | +| instance_fields.rb:12:5:13:7 | target | +| instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:21:9:23:11 | use | +| instance_fields.rb:27:5:28:7 | target | | modules.rb:9:5:10:7 | method_in_foo_bar | | modules.rb:16:3:17:5 | method_in_foo | | modules.rb:27:3:28:5 | method_in_another_definition_of_foo | @@ -446,6 +471,11 @@ publicMethod | private.rb:38:3:39:5 | public3 | | private.rb:66:3:67:5 | public | | private.rb:91:3:93:5 | call_m1 | +| toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method | +| toplevel_self_singleton.rb:13:5:15:7 | method_in_block | +| toplevel_self_singleton.rb:19:5:21:7 | method_in_struct | +| toplevel_self_singleton.rb:26:9:27:11 | call_me | +| toplevel_self_singleton.rb:29:9:32:11 | call_you | protectedMethod | calls.rb:514:15:516:7 | foo | | calls.rb:522:15:524:7 | bar | diff --git a/ruby/ql/test/library-tests/modules/calls.rb b/ruby/ql/test/library-tests/modules/calls.rb index 4996ed93bb3..6eafb0e033b 100644 --- a/ruby/ql/test/library-tests/modules/calls.rb +++ b/ruby/ql/test/library-tests/modules/calls.rb @@ -548,3 +548,22 @@ ProtectedMethodsSub.new.baz [C.new].each { |c| c.baz } ["a","b","c"].each { |s| s.capitalize } + +class SingletonUpCall_Base + def self.singleton + end +end +class SingletonUpCall_Sub < SingletonUpCall_Base + singleton + singleton2 # should not resolve + def self.mid_method + singleton + singleton2 # should resolve + end +end +class SingletonUpCall_SubSub < SingletonUpCall_Sub + def self.singleton2 + end + + mid_method +end diff --git a/ruby/ql/test/library-tests/modules/instance_fields.rb b/ruby/ql/test/library-tests/modules/instance_fields.rb new file mode 100644 index 00000000000..ac981f8d5ef --- /dev/null +++ b/ruby/ql/test/library-tests/modules/instance_fields.rb @@ -0,0 +1,29 @@ +class A + class << self + def create + @field = ::A_target.new + end + def use + @field.target + end + end +end +class A_target + def target + end +end + +class B + class << self + def create + @field = ::B_target.new + end + def use + @field.target + end + end +end +class B_target + def target + end +end diff --git a/ruby/ql/test/library-tests/modules/methods.expected b/ruby/ql/test/library-tests/modules/methods.expected index d7d30b4f2e7..bca145122b0 100644 --- a/ruby/ql/test/library-tests/modules/methods.expected +++ b/ruby/ql/test/library-tests/modules/methods.expected @@ -47,6 +47,8 @@ getMethod | hello.rb:1:1:8:3 | EnglishWords | world | hello.rb:5:5:7:7 | world | | hello.rb:11:1:16:3 | Greeting | message | hello.rb:13:5:15:7 | message | | hello.rb:18:1:22:3 | HelloWorld | message | hello.rb:19:5:21:7 | message | +| instance_fields.rb:11:1:14:3 | A_target | target | instance_fields.rb:12:5:13:7 | target | +| instance_fields.rb:26:1:29:3 | B_target | target | instance_fields.rb:27:5:28:7 | target | | modules.rb:4:1:24:3 | Foo | method_in_another_definition_of_foo | modules.rb:27:3:28:5 | method_in_another_definition_of_foo | | modules.rb:4:1:24:3 | Foo | method_in_foo | modules.rb:16:3:17:5 | method_in_foo | | modules.rb:5:3:14:5 | Foo::Bar | method_in_another_definition_of_foo_bar | modules.rb:52:3:53:5 | method_in_another_definition_of_foo_bar | @@ -388,6 +390,48 @@ lookupMethod | calls.rb:538:1:543:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:538:1:543:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts | | calls.rb:538:1:543:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s | | file://:0:0:0:0 | Class | include | calls.rb:108:5:110:7 | include | | file://:0:0:0:0 | Class | module_eval | calls.rb:107:5:107:24 | module_eval | | file://:0:0:0:0 | Class | new | calls.rb:117:5:117:16 | new | @@ -430,6 +474,14 @@ lookupMethod | hello.rb:18:1:22:3 | HelloWorld | puts | calls.rb:102:5:102:30 | puts | | hello.rb:18:1:22:3 | HelloWorld | to_s | calls.rb:172:5:173:7 | to_s | | hello.rb:18:1:22:3 | HelloWorld | world | hello.rb:5:5:7:7 | world | +| instance_fields.rb:11:1:14:3 | A_target | new | calls.rb:117:5:117:16 | new | +| instance_fields.rb:11:1:14:3 | A_target | puts | calls.rb:102:5:102:30 | puts | +| instance_fields.rb:11:1:14:3 | A_target | target | instance_fields.rb:12:5:13:7 | target | +| instance_fields.rb:11:1:14:3 | A_target | to_s | calls.rb:172:5:173:7 | to_s | +| instance_fields.rb:26:1:29:3 | B_target | new | calls.rb:117:5:117:16 | new | +| instance_fields.rb:26:1:29:3 | B_target | puts | calls.rb:102:5:102:30 | puts | +| instance_fields.rb:26:1:29:3 | B_target | target | instance_fields.rb:27:5:28:7 | target | +| instance_fields.rb:26:1:29:3 | B_target | to_s | calls.rb:172:5:173:7 | to_s | | modules.rb:4:1:24:3 | Foo | method_in_another_definition_of_foo | modules.rb:27:3:28:5 | method_in_another_definition_of_foo | | modules.rb:4:1:24:3 | Foo | method_in_foo | modules.rb:16:3:17:5 | method_in_foo | | modules.rb:5:3:14:5 | Foo::Bar | method_in_another_definition_of_foo_bar | modules.rb:52:3:53:5 | method_in_another_definition_of_foo_bar | @@ -466,9 +518,6 @@ lookupMethod | modules_rec.rb:1:1:2:3 | B::A | new | calls.rb:117:5:117:16 | new | | modules_rec.rb:1:1:2:3 | B::A | puts | calls.rb:102:5:102:30 | puts | | modules_rec.rb:1:1:2:3 | B::A | to_s | calls.rb:172:5:173:7 | to_s | -| modules_rec.rb:4:1:5:3 | A::B | new | calls.rb:117:5:117:16 | new | -| modules_rec.rb:4:1:5:3 | A::B | puts | calls.rb:102:5:102:30 | puts | -| modules_rec.rb:4:1:5:3 | A::B | to_s | calls.rb:172:5:173:7 | to_s | | private.rb:1:1:49:3 | E | new | calls.rb:117:5:117:16 | new | | private.rb:1:1:49:3 | E | private1 | private.rb:2:11:3:5 | private1 | | private.rb:1:1:49:3 | E | private2 | private.rb:8:3:9:5 | private2 | @@ -501,6 +550,9 @@ lookupMethod | private.rb:96:1:102:3 | PrivateOverride2 | private_on_main | private.rb:51:1:52:3 | private_on_main | | private.rb:96:1:102:3 | PrivateOverride2 | puts | calls.rb:102:5:102:30 | puts | | private.rb:96:1:102:3 | PrivateOverride2 | to_s | calls.rb:172:5:173:7 | to_s | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | new | calls.rb:117:5:117:16 | new | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | puts | calls.rb:102:5:102:30 | puts | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | to_s | calls.rb:172:5:173:7 | to_s | enclosingMethod | calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:3:3 | foo | | calls.rb:2:5:2:14 | self | calls.rb:1:1:3:3 | foo | @@ -832,6 +884,10 @@ enclosingMethod | calls.rb:541:9:541:27 | ProtectedMethodsSub | calls.rb:539:5:542:7 | baz | | calls.rb:541:9:541:31 | call to new | calls.rb:539:5:542:7 | baz | | calls.rb:541:9:541:35 | call to foo | calls.rb:539:5:542:7 | baz | +| calls.rb:560:9:560:17 | call to singleton | calls.rb:559:5:562:7 | mid_method | +| calls.rb:560:9:560:17 | self | calls.rb:559:5:562:7 | mid_method | +| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:559:5:562:7 | mid_method | +| calls.rb:561:9:561:18 | self | calls.rb:559:5:562:7 | mid_method | | hello.rb:3:9:3:22 | return | hello.rb:2:5:4:7 | hello | | hello.rb:3:16:3:22 | "hello" | hello.rb:2:5:4:7 | hello | | hello.rb:3:17:3:21 | hello | hello.rb:2:5:4:7 | hello | @@ -852,6 +908,22 @@ enclosingMethod | hello.rb:20:30:20:34 | self | hello.rb:19:5:21:7 | message | | hello.rb:20:38:20:40 | "!" | hello.rb:19:5:21:7 | message | | hello.rb:20:39:20:39 | ! | hello.rb:19:5:21:7 | message | +| instance_fields.rb:4:13:4:18 | @field | instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:4:13:4:18 | self | instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:4:13:4:35 | ... = ... | instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:4:22:4:31 | A_target | instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:4:22:4:35 | call to new | instance_fields.rb:3:9:5:11 | create | +| instance_fields.rb:7:13:7:18 | @field | instance_fields.rb:6:9:8:11 | use | +| instance_fields.rb:7:13:7:18 | self | instance_fields.rb:6:9:8:11 | use | +| instance_fields.rb:7:13:7:25 | call to target | instance_fields.rb:6:9:8:11 | use | +| instance_fields.rb:19:13:19:18 | @field | instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:19:13:19:18 | self | instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:19:13:19:35 | ... = ... | instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:19:22:19:31 | B_target | instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:19:22:19:35 | call to new | instance_fields.rb:18:9:20:11 | create | +| instance_fields.rb:22:13:22:18 | @field | instance_fields.rb:21:9:23:11 | use | +| instance_fields.rb:22:13:22:18 | self | instance_fields.rb:21:9:23:11 | use | +| instance_fields.rb:22:13:22:25 | call to target | instance_fields.rb:21:9:23:11 | use | | private.rb:84:7:84:32 | call to puts | private.rb:83:11:85:5 | m1 | | private.rb:84:7:84:32 | self | private.rb:83:11:85:5 | m1 | | private.rb:84:12:84:32 | "PrivateOverride1#m1" | private.rb:83:11:85:5 | m1 | @@ -871,3 +943,13 @@ enclosingMethod | private.rb:100:7:100:22 | PrivateOverride1 | private.rb:97:11:101:5 | m1 | | private.rb:100:7:100:26 | call to new | private.rb:97:11:101:5 | m1 | | private.rb:100:7:100:29 | call to m1 | private.rb:97:11:101:5 | m1 | +| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method | toplevel_self_singleton.rb:9:5:11:7 | method_in_block | +| toplevel_self_singleton.rb:10:9:10:27 | self | toplevel_self_singleton.rb:9:5:11:7 | method_in_block | +| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method | toplevel_self_singleton.rb:13:5:15:7 | method_in_block | +| toplevel_self_singleton.rb:14:9:14:27 | self | toplevel_self_singleton.rb:13:5:15:7 | method_in_block | +| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method | toplevel_self_singleton.rb:19:5:21:7 | method_in_struct | +| toplevel_self_singleton.rb:20:9:20:27 | self | toplevel_self_singleton.rb:19:5:21:7 | method_in_struct | +| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:29:9:32:11 | call_you | +| toplevel_self_singleton.rb:30:13:30:19 | self | toplevel_self_singleton.rb:29:9:32:11 | call_you | +| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:29:9:32:11 | call_you | +| toplevel_self_singleton.rb:31:13:31:20 | self | toplevel_self_singleton.rb:29:9:32:11 | call_you | diff --git a/ruby/ql/test/library-tests/modules/modules.expected b/ruby/ql/test/library-tests/modules/modules.expected index 93bcb04aec5..b2ae8167d0e 100644 --- a/ruby/ql/test/library-tests/modules/modules.expected +++ b/ruby/ql/test/library-tests/modules/modules.expected @@ -26,6 +26,9 @@ getModule | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:538:1:543:3 | ProtectedMethodsSub | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | | file://:0:0:0:0 | BasicObject | | file://:0:0:0:0 | Class | | file://:0:0:0:0 | Complex | @@ -40,6 +43,8 @@ getModule | hello.rb:1:1:8:3 | EnglishWords | | hello.rb:11:1:16:3 | Greeting | | hello.rb:18:1:22:3 | HelloWorld | +| instance_fields.rb:11:1:14:3 | A_target | +| instance_fields.rb:26:1:29:3 | B_target | | modules.rb:1:1:2:3 | Empty | | modules.rb:4:1:24:3 | Foo | | modules.rb:5:3:14:5 | Foo::Bar | @@ -71,11 +76,12 @@ getModule | modules.rb:116:7:117:9 | XX::YY | | modules.rb:123:1:124:3 | Test::Foo1::Bar::Baz | | modules_rec.rb:1:1:2:3 | B::A | -| modules_rec.rb:4:1:5:3 | A::B | | private.rb:1:1:49:3 | E | | private.rb:62:1:80:3 | F | | private.rb:82:1:94:3 | PrivateOverride1 | | private.rb:96:1:102:3 | PrivateOverride2 | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | +| toplevel_self_singleton.rb:24:1:34:3 | Good | getADeclaration | calls.rb:21:1:34:3 | M | calls.rb:21:1:34:3 | M | | calls.rb:43:1:58:3 | C | calls.rb:43:1:58:3 | C | @@ -84,18 +90,23 @@ getADeclaration | calls.rb:96:1:98:3 | String | calls.rb:96:1:98:3 | String | | calls.rb:100:1:103:3 | Kernel | calls.rb:100:1:103:3 | Kernel | | calls.rb:105:1:113:3 | Module | calls.rb:105:1:113:3 | Module | -| calls.rb:115:1:118:3 | Object | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:115:1:118:3 | Object | calls.rb:1:1:569:4 | calls.rb | | calls.rb:115:1:118:3 | Object | calls.rb:115:1:118:3 | Object | | calls.rb:115:1:118:3 | Object | hello.rb:1:1:22:3 | hello.rb | +| calls.rb:115:1:118:3 | Object | instance_fields.rb:1:1:29:4 | instance_fields.rb | | calls.rb:115:1:118:3 | Object | modules.rb:1:1:129:4 | modules.rb | | calls.rb:115:1:118:3 | Object | modules_rec.rb:1:1:11:26 | modules_rec.rb | | calls.rb:115:1:118:3 | Object | private.rb:1:1:105:40 | private.rb | +| calls.rb:115:1:118:3 | Object | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | | calls.rb:120:1:123:3 | Hash | calls.rb:120:1:123:3 | Hash | | calls.rb:125:1:138:3 | Array | calls.rb:125:1:138:3 | Array | | calls.rb:165:1:169:3 | S | calls.rb:165:1:169:3 | S | | calls.rb:171:1:174:3 | A | calls.rb:171:1:174:3 | A | +| calls.rb:171:1:174:3 | A | instance_fields.rb:1:1:10:3 | A | | calls.rb:171:1:174:3 | A | modules_rec.rb:7:1:9:3 | A | +| calls.rb:171:1:174:3 | A | toplevel_self_singleton.rb:1:1:6:3 | A | | calls.rb:176:1:179:3 | B | calls.rb:176:1:179:3 | B | +| calls.rb:176:1:179:3 | B | instance_fields.rb:16:1:25:3 | B | | calls.rb:190:1:226:3 | Singletons | calls.rb:190:1:226:3 | Singletons | | calls.rb:310:1:321:3 | SelfNew | calls.rb:310:1:321:3 | SelfNew | | calls.rb:325:1:329:3 | C1 | calls.rb:325:1:329:3 | C1 | @@ -110,9 +121,14 @@ getADeclaration | calls.rb:513:1:517:3 | ProtectedMethodInModule | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:519:1:532:3 | ProtectedMethods | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:538:1:543:3 | ProtectedMethodsSub | calls.rb:538:1:543:3 | ProtectedMethodsSub | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | calls.rb:552:1:555:3 | SingletonUpCall_Base | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | calls.rb:564:1:569:3 | SingletonUpCall_SubSub | | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:8:3 | EnglishWords | | hello.rb:11:1:16:3 | Greeting | hello.rb:11:1:16:3 | Greeting | | hello.rb:18:1:22:3 | HelloWorld | hello.rb:18:1:22:3 | HelloWorld | +| instance_fields.rb:11:1:14:3 | A_target | instance_fields.rb:11:1:14:3 | A_target | +| instance_fields.rb:26:1:29:3 | B_target | instance_fields.rb:26:1:29:3 | B_target | | modules.rb:1:1:2:3 | Empty | modules.rb:1:1:2:3 | Empty | | modules.rb:4:1:24:3 | Foo | modules.rb:4:1:24:3 | Foo | | modules.rb:4:1:24:3 | Foo | modules.rb:26:1:35:3 | Foo | @@ -147,11 +163,13 @@ getADeclaration | modules.rb:116:7:117:9 | XX::YY | modules.rb:116:7:117:9 | YY | | modules.rb:123:1:124:3 | Test::Foo1::Bar::Baz | modules.rb:123:1:124:3 | Baz | | modules_rec.rb:1:1:2:3 | B::A | modules_rec.rb:1:1:2:3 | A | -| modules_rec.rb:4:1:5:3 | A::B | modules_rec.rb:4:1:5:3 | B | | private.rb:1:1:49:3 | E | private.rb:1:1:49:3 | E | | private.rb:62:1:80:3 | F | private.rb:62:1:80:3 | F | | private.rb:82:1:94:3 | PrivateOverride1 | private.rb:82:1:94:3 | PrivateOverride1 | | private.rb:96:1:102:3 | PrivateOverride2 | private.rb:96:1:102:3 | PrivateOverride2 | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | modules_rec.rb:4:1:5:3 | B | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | toplevel_self_singleton.rb:2:5:5:7 | B | +| toplevel_self_singleton.rb:24:1:34:3 | Good | toplevel_self_singleton.rb:24:1:34:3 | Good | getSuperClass | calls.rb:43:1:58:3 | C | calls.rb:115:1:118:3 | Object | | calls.rb:65:1:69:3 | D | calls.rb:43:1:58:3 | C | @@ -175,6 +193,9 @@ getSuperClass | calls.rb:421:1:449:3 | ConditionalInstanceMethods | calls.rb:115:1:118:3 | Object | | calls.rb:519:1:532:3 | ProtectedMethods | calls.rb:115:1:118:3 | Object | | calls.rb:538:1:543:3 | ProtectedMethodsSub | calls.rb:519:1:532:3 | ProtectedMethods | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | calls.rb:115:1:118:3 | Object | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | calls.rb:552:1:555:3 | SingletonUpCall_Base | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | calls.rb:556:1:563:3 | SingletonUpCall_Sub | | file://:0:0:0:0 | Class | calls.rb:105:1:113:3 | Module | | file://:0:0:0:0 | Complex | file://:0:0:0:0 | Numeric | | file://:0:0:0:0 | FalseClass | calls.rb:115:1:118:3 | Object | @@ -185,6 +206,8 @@ getSuperClass | file://:0:0:0:0 | TrueClass | calls.rb:115:1:118:3 | Object | | hello.rb:11:1:16:3 | Greeting | calls.rb:115:1:118:3 | Object | | hello.rb:18:1:22:3 | HelloWorld | hello.rb:11:1:16:3 | Greeting | +| instance_fields.rb:11:1:14:3 | A_target | calls.rb:115:1:118:3 | Object | +| instance_fields.rb:26:1:29:3 | B_target | calls.rb:115:1:118:3 | Object | | modules.rb:6:5:7:7 | Foo::Bar::ClassInFooBar | calls.rb:115:1:118:3 | Object | | modules.rb:19:3:20:5 | Foo::ClassInFoo | calls.rb:115:1:118:3 | Object | | modules.rb:30:3:31:5 | Foo::ClassInAnotherDefinitionOfFoo | calls.rb:115:1:118:3 | Object | @@ -195,13 +218,13 @@ getSuperClass | modules.rb:112:1:113:3 | YY | calls.rb:115:1:118:3 | Object | | modules.rb:116:7:117:9 | XX::YY | modules.rb:112:1:113:3 | YY | | modules_rec.rb:1:1:2:3 | B::A | calls.rb:115:1:118:3 | Object | -| modules_rec.rb:4:1:5:3 | A::B | calls.rb:115:1:118:3 | Object | | private.rb:1:1:49:3 | E | calls.rb:115:1:118:3 | Object | | private.rb:82:1:94:3 | PrivateOverride1 | calls.rb:115:1:118:3 | Object | | private.rb:96:1:102:3 | PrivateOverride2 | private.rb:82:1:94:3 | PrivateOverride1 | +| toplevel_self_singleton.rb:2:5:5:7 | A::B | calls.rb:115:1:118:3 | Object | getAPrependedModule | calls.rb:115:1:118:3 | Object | calls.rb:171:1:174:3 | A | -| calls.rb:171:1:174:3 | A | modules_rec.rb:4:1:5:3 | A::B | +| calls.rb:171:1:174:3 | A | toplevel_self_singleton.rb:2:5:5:7 | A::B | | modules.rb:101:1:105:3 | PrependTest | modules.rb:63:1:81:3 | Test | getAnIncludedModule | calls.rb:43:1:58:3 | C | calls.rb:21:1:34:3 | M | @@ -297,8 +320,12 @@ resolveConstantReadAccess | calls.rb:549:1:549:7 | Array | Array | | calls.rb:549:2:549:2 | C | C | | calls.rb:550:1:550:13 | Array | Array | +| calls.rb:556:29:556:48 | SingletonUpCall_Base | SingletonUpCall_Base | +| calls.rb:564:32:564:50 | SingletonUpCall_Sub | SingletonUpCall_Sub | | hello.rb:12:13:12:24 | EnglishWords | EnglishWords | | hello.rb:18:20:18:27 | Greeting | Greeting | +| instance_fields.rb:4:22:4:31 | A_target | A_target | +| instance_fields.rb:19:22:19:31 | B_target | B_target | | modules.rb:48:8:48:10 | Foo | Foo | | modules.rb:66:11:66:14 | Foo1 | Test::Foo1 | | modules.rb:72:11:72:14 | Foo2 | Test::Foo2::Foo2 | @@ -361,9 +388,16 @@ resolveConstantWriteAccess | calls.rb:513:1:517:3 | ProtectedMethodInModule | ProtectedMethodInModule | | calls.rb:519:1:532:3 | ProtectedMethods | ProtectedMethods | | calls.rb:538:1:543:3 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | SingletonUpCall_Base | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | SingletonUpCall_Sub | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | SingletonUpCall_SubSub | | hello.rb:1:1:8:3 | EnglishWords | EnglishWords | | hello.rb:11:1:16:3 | Greeting | Greeting | | hello.rb:18:1:22:3 | HelloWorld | HelloWorld | +| instance_fields.rb:1:1:10:3 | A | A | +| instance_fields.rb:11:1:14:3 | A_target | A_target | +| instance_fields.rb:16:1:25:3 | B | B | +| instance_fields.rb:26:1:29:3 | B_target | B_target | | modules.rb:1:1:2:3 | Empty | Empty | | modules.rb:4:1:24:3 | Foo | Foo | | modules.rb:5:3:14:5 | Bar | Foo::Bar | @@ -414,33 +448,37 @@ resolveConstantWriteAccess | private.rb:62:1:80:3 | F | F | | private.rb:82:1:94:3 | PrivateOverride1 | PrivateOverride1 | | private.rb:96:1:102:3 | PrivateOverride2 | PrivateOverride2 | +| toplevel_self_singleton.rb:1:1:6:3 | A | A | +| toplevel_self_singleton.rb:2:5:5:7 | B | A::B | +| toplevel_self_singleton.rb:18:1:18:8 | MyStruct | MyStruct | +| toplevel_self_singleton.rb:24:1:34:3 | Good | Good | enclosingModule -| calls.rb:1:1:3:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:2:5:2:14 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:2:11:2:13 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:5:1:5:3 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:7:1:9:3 | bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:7:5:7:8 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:8:5:8:15 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:11:1:11:4 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:13:1:15:3 | bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:13:5:13:8 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:14:5:14:15 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:17:1:17:4 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:19:1:19:4 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:21:1:34:3 | M | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:1:1:3:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:2:5:2:14 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:2:11:2:13 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:5:1:5:3 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:7:1:9:3 | bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:7:5:7:8 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:8:5:8:15 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:11:1:11:4 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:13:1:15:3 | bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:13:5:13:8 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:14:5:14:15 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:17:1:17:4 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:19:1:19:4 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:21:1:34:3 | M | calls.rb:1:1:569:4 | calls.rb | | calls.rb:22:5:24:7 | instance_m | calls.rb:21:1:34:3 | M | | calls.rb:23:9:23:19 | call to singleton_m | calls.rb:21:1:34:3 | M | | calls.rb:23:9:23:19 | self | calls.rb:21:1:34:3 | M | @@ -456,14 +494,14 @@ enclosingModule | calls.rb:32:5:32:15 | self | calls.rb:21:1:34:3 | M | | calls.rb:33:5:33:8 | self | calls.rb:21:1:34:3 | M | | calls.rb:33:5:33:20 | call to singleton_m | calls.rb:21:1:34:3 | M | -| calls.rb:36:1:36:1 | M | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:37:1:37:1 | M | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:40:5:40:14 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:43:1:58:3 | C | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:36:1:36:1 | M | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:37:1:37:1 | M | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:40:5:40:14 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:43:1:58:3 | C | calls.rb:1:1:569:4 | calls.rb | | calls.rb:44:5:44:13 | call to include | calls.rb:43:1:58:3 | C | | calls.rb:44:5:44:13 | self | calls.rb:43:1:58:3 | C | | calls.rb:44:13:44:13 | M | calls.rb:43:1:58:3 | C | @@ -484,66 +522,66 @@ enclosingModule | calls.rb:55:9:55:19 | self | calls.rb:43:1:58:3 | C | | calls.rb:56:9:56:12 | self | calls.rb:43:1:58:3 | C | | calls.rb:56:9:56:24 | call to singleton_m | calls.rb:43:1:58:3 | C | -| calls.rb:60:1:60:1 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:60:5:60:5 | C | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:61:1:61:1 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:62:1:62:1 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:63:1:63:1 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:65:1:69:3 | D | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:65:11:65:11 | C | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:60:1:60:1 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:60:5:60:5 | C | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:61:1:61:1 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:62:1:62:1 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:63:1:63:1 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:65:1:69:3 | D | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:65:11:65:11 | C | calls.rb:1:1:569:4 | calls.rb | | calls.rb:66:5:68:7 | baz | calls.rb:65:1:69:3 | D | | calls.rb:67:9:67:13 | call to super | calls.rb:65:1:69:3 | D | -| calls.rb:71:1:71:1 | d | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:71:5:71:5 | D | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:72:1:72:1 | d | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:73:1:73:1 | d | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:74:1:74:1 | d | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:18:76:18 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:18:76:18 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:25:76:25 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:25:76:25 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:77:5:77:5 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:78:5:78:5 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:85:1:89:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:86:5:86:7 | var | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:87:5:87:7 | var | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:5:88:29 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:19:88:19 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:19:88:19 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:22:88:24 | var | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:88:26:88:26 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:71:1:71:1 | d | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:71:5:71:5 | D | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:72:1:72:1 | d | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:73:1:73:1 | d | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:74:1:74:1 | d | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:18:76:18 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:18:76:18 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:25:76:25 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:25:76:25 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:77:5:77:5 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:78:5:78:5 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:85:1:89:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:86:5:86:7 | var | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:87:5:87:7 | var | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:5:88:29 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:19:88:19 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:19:88:19 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:22:88:24 | var | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:88:26:88:26 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:569:4 | calls.rb | | calls.rb:92:5:92:23 | bit_length | calls.rb:91:1:94:3 | Integer | | calls.rb:93:5:93:16 | abs | calls.rb:91:1:94:3 | Integer | -| calls.rb:96:1:98:3 | String | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:96:1:98:3 | String | calls.rb:1:1:569:4 | calls.rb | | calls.rb:97:5:97:23 | capitalize | calls.rb:96:1:98:3 | String | -| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:569:4 | calls.rb | | calls.rb:101:5:101:25 | alias ... | calls.rb:100:1:103:3 | Kernel | | calls.rb:101:11:101:19 | :old_puts | calls.rb:100:1:103:3 | Kernel | | calls.rb:101:11:101:19 | old_puts | calls.rb:100:1:103:3 | Kernel | @@ -555,7 +593,7 @@ enclosingModule | calls.rb:102:17:102:26 | call to old_puts | calls.rb:100:1:103:3 | Kernel | | calls.rb:102:17:102:26 | self | calls.rb:100:1:103:3 | Kernel | | calls.rb:102:26:102:26 | x | calls.rb:100:1:103:3 | Kernel | -| calls.rb:105:1:113:3 | Module | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:105:1:113:3 | Module | calls.rb:1:1:569:4 | calls.rb | | calls.rb:106:5:106:31 | alias ... | calls.rb:105:1:113:3 | Module | | calls.rb:106:11:106:22 | :old_include | calls.rb:105:1:113:3 | Module | | calls.rb:106:11:106:22 | old_include | calls.rb:105:1:113:3 | Module | @@ -570,13 +608,13 @@ enclosingModule | calls.rb:109:21:109:21 | x | calls.rb:105:1:113:3 | Module | | calls.rb:111:5:111:20 | prepend | calls.rb:105:1:113:3 | Module | | calls.rb:112:5:112:20 | private | calls.rb:105:1:113:3 | Module | -| calls.rb:115:1:118:3 | Object | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:115:16:115:21 | Module | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:115:1:118:3 | Object | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:115:16:115:21 | Module | calls.rb:1:1:569:4 | calls.rb | | calls.rb:116:5:116:18 | call to include | calls.rb:115:1:118:3 | Object | | calls.rb:116:5:116:18 | self | calls.rb:115:1:118:3 | Object | | calls.rb:116:13:116:18 | Kernel | calls.rb:115:1:118:3 | Object | | calls.rb:117:5:117:16 | new | calls.rb:115:1:118:3 | Object | -| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:569:4 | calls.rb | | calls.rb:121:5:121:25 | alias ... | calls.rb:120:1:123:3 | Hash | | calls.rb:121:11:121:21 | :old_lookup | calls.rb:120:1:123:3 | Hash | | calls.rb:121:11:121:21 | old_lookup | calls.rb:120:1:123:3 | Hash | @@ -588,7 +626,7 @@ enclosingModule | calls.rb:122:15:122:27 | call to old_lookup | calls.rb:120:1:123:3 | Hash | | calls.rb:122:15:122:27 | self | calls.rb:120:1:123:3 | Hash | | calls.rb:122:26:122:26 | x | calls.rb:120:1:123:3 | Hash | -| calls.rb:125:1:138:3 | Array | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:125:1:138:3 | Array | calls.rb:1:1:569:4 | calls.rb | | calls.rb:126:3:126:23 | alias ... | calls.rb:125:1:138:3 | Array | | calls.rb:126:9:126:19 | :old_lookup | calls.rb:125:1:138:3 | Array | | calls.rb:126:9:126:19 | old_lookup | calls.rb:125:1:138:3 | Array | @@ -624,130 +662,130 @@ enclosingModule | calls.rb:135:9:135:14 | ... = ... | calls.rb:125:1:138:3 | Array | | calls.rb:135:11:135:12 | ... + ... | calls.rb:125:1:138:3 | Array | | calls.rb:135:14:135:14 | 1 | calls.rb:125:1:138:3 | Array | -| calls.rb:140:1:142:3 | funny | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:141:12:141:19 | prefix: | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:1:144:30 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:10:144:10 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:10:144:10 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:13:144:29 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:18:144:18 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:146:2:146:2 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:1:150:13 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:3:150:3 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:7:150:7 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:11:150:11 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:26:150:26 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:26:150:26 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:29:150:29 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:29:150:29 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:32:150:61 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:40:150:40 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:42:150:45 | -> | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:48:150:48 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:1:152:7 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:20:152:20 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:20:152:20 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:23:152:23 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:1:154:7 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:20:154:20 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:20:154:20 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:23:154:39 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:28:154:28 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:1:156:8 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:21:156:21 | _ | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:21:156:21 | _ | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:24:156:24 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:24:156:24 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:27:156:36 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:32:156:32 | v | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:158:14:158:15 | &b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:158:15:158:15 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:159:5:159:17 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:159:16:159:17 | &... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:159:17:159:17 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:1:162:28 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:13:162:13 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:13:162:13 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:16:162:16 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:165:1:169:3 | S | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:140:1:142:3 | funny | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:141:12:141:19 | prefix: | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:1:144:30 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:10:144:10 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:10:144:10 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:13:144:29 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:18:144:18 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:146:2:146:2 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:1:150:13 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:3:150:3 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:7:150:7 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:11:150:11 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:26:150:26 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:26:150:26 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:29:150:29 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:29:150:29 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:32:150:61 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:40:150:40 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:42:150:45 | -> | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:48:150:48 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:1:152:7 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:20:152:20 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:20:152:20 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:23:152:23 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:1:154:7 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:20:154:20 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:20:154:20 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:23:154:39 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:28:154:28 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:1:156:8 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:21:156:21 | _ | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:21:156:21 | _ | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:24:156:24 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:24:156:24 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:27:156:36 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:32:156:32 | v | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:158:14:158:15 | &b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:158:15:158:15 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:159:5:159:17 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:159:16:159:17 | &... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:159:17:159:17 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:1:162:28 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:13:162:13 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:13:162:13 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:16:162:16 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:165:1:169:3 | S | calls.rb:1:1:569:4 | calls.rb | | calls.rb:166:5:168:7 | s_method | calls.rb:165:1:169:3 | S | | calls.rb:167:9:167:12 | self | calls.rb:165:1:169:3 | S | | calls.rb:167:9:167:17 | call to to_s | calls.rb:165:1:169:3 | S | -| calls.rb:171:1:174:3 | A | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:171:11:171:11 | S | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:171:1:174:3 | A | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:171:11:171:11 | S | calls.rb:1:1:569:4 | calls.rb | | calls.rb:172:5:173:7 | to_s | calls.rb:171:1:174:3 | A | -| calls.rb:176:1:179:3 | B | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:176:11:176:11 | S | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:176:1:179:3 | B | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:176:11:176:11 | S | calls.rb:1:1:569:4 | calls.rb | | calls.rb:177:5:178:7 | to_s | calls.rb:176:1:179:3 | B | -| calls.rb:181:1:181:1 | S | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:182:1:182:1 | A | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:183:1:183:1 | B | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:188:1:188:15 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:181:1:181:1 | S | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:182:1:182:1 | A | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:183:1:183:1 | B | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:188:1:188:15 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:569:4 | calls.rb | | calls.rb:191:5:194:7 | singleton_a | calls.rb:190:1:226:3 | Singletons | | calls.rb:191:9:191:12 | self | calls.rb:190:1:226:3 | Singletons | | calls.rb:192:9:192:26 | call to puts | calls.rb:190:1:226:3 | Singletons | @@ -797,126 +835,126 @@ enclosingModule | calls.rb:223:5:225:7 | call_singleton_g | calls.rb:190:1:226:3 | Singletons | | calls.rb:224:9:224:12 | self | calls.rb:190:1:226:3 | Singletons | | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:190:1:226:3 | Singletons | -| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:237:5:237:24 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:244:5:244:24 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:237:5:237:24 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:244:5:244:24 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:251:5:253:7 | singleton_g | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:9:252:28 | call to puts | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:9:252:28 | self | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:14:252:28 | "singleton_g_3" | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:15:252:27 | singleton_g_3 | calls.rb:250:1:254:3 | class << ... | -| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:263:1:263:4 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:265:1:265:16 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:268:5:268:22 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:278:1:286:3 | create | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:278:12:278:15 | type | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:278:12:278:15 | type | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:279:5:279:8 | type | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:281:9:281:12 | type | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:282:9:282:26 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:285:5:285:8 | type | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:288:1:288:17 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:291:1:291:1 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:293:10:293:10 | x | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:263:1:263:4 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:265:1:265:16 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:268:5:268:22 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:278:1:286:3 | create | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:278:12:278:15 | type | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:278:12:278:15 | type | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:279:5:279:8 | type | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:281:9:281:12 | type | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:282:9:282:26 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:285:5:285:8 | type | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:288:1:288:17 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:291:1:291:1 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:293:10:293:10 | x | calls.rb:1:1:569:4 | calls.rb | | calls.rb:294:5:296:7 | singleton_i | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:9:295:26 | call to puts | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:9:295:26 | self | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:14:295:26 | "singleton_i" | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:15:295:25 | singleton_i | calls.rb:293:1:297:3 | class << ... | -| calls.rb:299:1:299:1 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:299:1:299:1 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:569:4 | calls.rb | | calls.rb:303:5:305:7 | singleton_j | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:9:304:26 | call to puts | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:9:304:26 | self | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:14:304:26 | "singleton_j" | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:15:304:25 | singleton_j | calls.rb:302:1:306:3 | class << ... | -| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:569:4 | calls.rb | | calls.rb:311:5:314:7 | instance | calls.rb:310:1:321:3 | SelfNew | | calls.rb:312:9:312:31 | call to puts | calls.rb:310:1:321:3 | SelfNew | | calls.rb:312:9:312:31 | self | calls.rb:310:1:321:3 | SelfNew | @@ -933,110 +971,110 @@ enclosingModule | calls.rb:320:5:320:7 | call to new | calls.rb:310:1:321:3 | SelfNew | | calls.rb:320:5:320:7 | self | calls.rb:310:1:321:3 | SelfNew | | calls.rb:320:5:320:16 | call to instance | calls.rb:310:1:321:3 | SelfNew | -| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:325:1:329:3 | C1 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:325:1:329:3 | C1 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:326:5:328:7 | instance | calls.rb:325:1:329:3 | C1 | | calls.rb:327:9:327:26 | call to puts | calls.rb:325:1:329:3 | C1 | | calls.rb:327:9:327:26 | self | calls.rb:325:1:329:3 | C1 | | calls.rb:327:14:327:26 | "C1#instance" | calls.rb:325:1:329:3 | C1 | | calls.rb:327:15:327:25 | C1#instance | calls.rb:325:1:329:3 | C1 | -| calls.rb:331:1:335:3 | C2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:331:12:331:13 | C1 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:331:1:335:3 | C2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:331:12:331:13 | C1 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:332:5:334:7 | instance | calls.rb:331:1:335:3 | C2 | | calls.rb:333:9:333:26 | call to puts | calls.rb:331:1:335:3 | C2 | | calls.rb:333:9:333:26 | self | calls.rb:331:1:335:3 | C2 | | calls.rb:333:14:333:26 | "C2#instance" | calls.rb:331:1:335:3 | C2 | | calls.rb:333:15:333:25 | C2#instance | calls.rb:331:1:335:3 | C2 | -| calls.rb:337:1:341:3 | C3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:337:12:337:13 | C2 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:337:1:341:3 | C3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:337:12:337:13 | C2 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:338:5:340:7 | instance | calls.rb:337:1:341:3 | C3 | | calls.rb:339:9:339:26 | call to puts | calls.rb:337:1:341:3 | C3 | | calls.rb:339:9:339:26 | self | calls.rb:337:1:341:3 | C3 | | calls.rb:339:14:339:26 | "C3#instance" | calls.rb:337:1:341:3 | C3 | | calls.rb:339:15:339:25 | C3#instance | calls.rb:337:1:341:3 | C3 | -| calls.rb:343:1:359:3 | pattern_dispatch | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:343:22:343:22 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:343:22:343:22 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:344:5:352:7 | case ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:344:10:344:10 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:345:5:346:18 | when ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:345:10:345:11 | C3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:345:12:346:18 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:346:9:346:9 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:346:9:346:18 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:347:5:348:18 | when ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:347:10:347:11 | C2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:347:12:348:18 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:348:9:348:9 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:348:9:348:18 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:349:10:349:11 | C1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:350:9:350:9 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:351:5:351:8 | else ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:354:5:358:7 | case ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:354:10:354:10 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:355:9:355:29 | in ... then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:355:12:355:13 | C3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:355:15:355:29 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:355:20:355:20 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:355:20:355:29 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:9:356:36 | in ... then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:12:356:13 | C2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:12:356:19 | ... => ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:18:356:19 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:21:356:36 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:26:356:27 | c2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:356:26:356:36 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:9:357:36 | in ... then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:12:357:13 | C1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:12:357:19 | ... => ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:18:357:19 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:21:357:36 | then ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:26:357:27 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:357:26:357:36 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:361:1:361:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:361:1:361:11 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:361:6:361:7 | C1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:361:6:361:11 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:362:1:362:2 | c1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:362:1:362:11 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:363:1:363:25 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:363:18:363:25 | ( ... ) | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:363:19:363:20 | C1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:363:19:363:24 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:364:1:364:25 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:364:18:364:25 | ( ... ) | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:364:19:364:20 | C2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:364:19:364:24 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:365:1:365:25 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:365:18:365:25 | ( ... ) | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:365:19:365:20 | C3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:365:19:365:24 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:367:1:371:3 | add_singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:367:19:367:19 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:367:19:367:19 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:368:5:370:7 | instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:368:9:368:9 | x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:369:9:369:28 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:369:9:369:28 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:369:15:369:27 | instance_on x | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:373:1:373:2 | c3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:373:1:373:11 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:373:6:373:7 | C1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:373:6:373:11 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:374:1:374:16 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:374:15:374:16 | c3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:375:1:375:2 | c3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:375:1:375:11 | call to instance | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:377:1:397:3 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:343:1:359:3 | pattern_dispatch | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:343:22:343:22 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:343:22:343:22 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:344:5:352:7 | case ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:344:10:344:10 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:345:5:346:18 | when ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:345:10:345:11 | C3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:345:12:346:18 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:346:9:346:9 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:346:9:346:18 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:347:5:348:18 | when ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:347:10:347:11 | C2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:347:12:348:18 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:348:9:348:9 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:348:9:348:18 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:349:10:349:11 | C1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:350:9:350:9 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:351:5:351:8 | else ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:354:5:358:7 | case ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:354:10:354:10 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:355:9:355:29 | in ... then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:355:12:355:13 | C3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:355:15:355:29 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:355:20:355:20 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:355:20:355:29 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:9:356:36 | in ... then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:12:356:13 | C2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:12:356:19 | ... => ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:18:356:19 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:21:356:36 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:26:356:27 | c2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:356:26:356:36 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:9:357:36 | in ... then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:12:357:13 | C1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:12:357:19 | ... => ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:18:357:19 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:21:357:36 | then ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:26:357:27 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:357:26:357:36 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:361:1:361:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:361:1:361:11 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:361:6:361:7 | C1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:361:6:361:11 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:362:1:362:2 | c1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:362:1:362:11 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:363:1:363:25 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:363:18:363:25 | ( ... ) | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:363:19:363:20 | C1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:363:19:363:24 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:364:1:364:25 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:364:18:364:25 | ( ... ) | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:364:19:364:20 | C2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:364:19:364:24 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:365:1:365:25 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:365:18:365:25 | ( ... ) | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:365:19:365:20 | C3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:365:19:365:24 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:367:1:371:3 | add_singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:367:19:367:19 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:367:19:367:19 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:368:5:370:7 | instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:368:9:368:9 | x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:369:9:369:28 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:369:9:369:28 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:369:15:369:27 | instance_on x | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:373:1:373:2 | c3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:373:1:373:11 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:373:6:373:7 | C1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:373:6:373:11 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:374:1:374:16 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:374:15:374:16 | c3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:375:1:375:2 | c3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:375:1:375:11 | call to instance | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:377:1:397:3 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:378:5:386:7 | class << ... | calls.rb:377:1:397:3 | SingletonOverride1 | | calls.rb:378:14:378:17 | self | calls.rb:377:1:397:3 | SingletonOverride1 | | calls.rb:379:9:381:11 | singleton1 | calls.rb:378:5:386:7 | class << ... | @@ -1059,16 +1097,16 @@ enclosingModule | calls.rb:393:9:393:18 | self | calls.rb:377:1:397:3 | SingletonOverride1 | | calls.rb:396:5:396:14 | call to singleton2 | calls.rb:377:1:397:3 | SingletonOverride1 | | calls.rb:396:5:396:14 | self | calls.rb:377:1:397:3 | SingletonOverride1 | -| calls.rb:399:1:399:18 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:399:1:399:29 | call to singleton1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:400:1:400:18 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:400:1:400:29 | call to singleton2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:401:1:401:18 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:401:1:401:34 | call to call_singleton1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:402:1:402:18 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:402:1:402:34 | call to call_singleton2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:404:1:414:3 | SingletonOverride2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:404:28:404:45 | SingletonOverride1 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:399:1:399:18 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:399:1:399:29 | call to singleton1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:400:1:400:18 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:400:1:400:29 | call to singleton2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:401:1:401:18 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:401:1:401:34 | call to call_singleton1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:402:1:402:18 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:402:1:402:34 | call to call_singleton2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:404:1:414:3 | SingletonOverride2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:404:28:404:45 | SingletonOverride1 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:405:5:409:7 | class << ... | calls.rb:404:1:414:3 | SingletonOverride2 | | calls.rb:405:14:405:17 | self | calls.rb:404:1:414:3 | SingletonOverride2 | | calls.rb:406:9:408:11 | singleton1 | calls.rb:405:5:409:7 | class << ... | @@ -1082,15 +1120,15 @@ enclosingModule | calls.rb:412:9:412:44 | self | calls.rb:404:1:414:3 | SingletonOverride2 | | calls.rb:412:14:412:44 | "SingletonOverride2#singleton2" | calls.rb:404:1:414:3 | SingletonOverride2 | | calls.rb:412:15:412:43 | SingletonOverride2#singleton2 | calls.rb:404:1:414:3 | SingletonOverride2 | -| calls.rb:416:1:416:18 | SingletonOverride2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:416:1:416:29 | call to singleton1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:417:1:417:18 | SingletonOverride2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:417:1:417:29 | call to singleton2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:418:1:418:18 | SingletonOverride2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:418:1:418:34 | call to call_singleton1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:419:1:419:18 | SingletonOverride2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:419:1:419:34 | call to call_singleton2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:421:1:449:3 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:416:1:416:18 | SingletonOverride2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:416:1:416:29 | call to singleton1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:417:1:417:18 | SingletonOverride2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:417:1:417:29 | call to singleton2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:418:1:418:18 | SingletonOverride2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:418:1:418:34 | call to call_singleton1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:419:1:419:18 | SingletonOverride2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:419:1:419:34 | call to call_singleton2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:421:1:449:3 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | | calls.rb:422:5:426:7 | if ... | calls.rb:421:1:449:3 | ConditionalInstanceMethods | | calls.rb:422:8:422:13 | call to rand | calls.rb:421:1:449:3 | ConditionalInstanceMethods | | calls.rb:422:8:422:13 | self | calls.rb:421:1:449:3 | ConditionalInstanceMethods | @@ -1135,91 +1173,91 @@ enclosingModule | calls.rb:445:17:445:40 | self | calls.rb:421:1:449:3 | ConditionalInstanceMethods | | calls.rb:445:22:445:40 | "AnonymousClass#m5" | calls.rb:421:1:449:3 | ConditionalInstanceMethods | | calls.rb:445:23:445:39 | AnonymousClass#m5 | calls.rb:421:1:449:3 | ConditionalInstanceMethods | -| calls.rb:451:1:451:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:451:1:451:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:451:1:451:33 | call to m1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:452:1:452:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:452:1:452:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:452:1:452:33 | call to m3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:453:1:453:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:453:1:453:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:453:1:453:33 | call to m2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:454:1:454:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:454:1:454:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:454:1:454:33 | call to m3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:455:1:455:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:455:1:455:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:455:1:455:33 | call to m4 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:456:1:456:26 | ConditionalInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:456:1:456:30 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:456:1:456:33 | call to m5 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:458:1:458:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:458:1:476:3 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:458:27:458:31 | Class | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:458:27:476:3 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:458:37:476:3 | do ... end | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:5:459:11 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:5:459:11 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:5:459:11 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:5:463:7 | call to each | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:6:459:6 | 0 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:8:459:8 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:10:459:10 | 2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:459:18:463:7 | do ... end | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:460:9:462:11 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:461:13:461:22 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:461:13:461:22 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:461:18:461:22 | "foo" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:461:19:461:21 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:465:5:465:9 | Class | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:465:5:469:7 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:465:5:469:11 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:465:5:469:15 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:465:15:469:7 | do ... end | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:466:9:468:11 | bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:467:13:467:22 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:467:13:467:22 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:467:18:467:22 | "bar" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:467:19:467:21 | bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:5:471:11 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:5:471:11 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:5:471:11 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:5:475:7 | call to each | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:6:471:6 | 0 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:8:471:8 | 1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:10:471:10 | 2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:18:475:7 | do ... end | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:22:471:22 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:471:22:471:22 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:9:474:11 | call to define_method | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:9:474:11 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:23:472:32 | "baz_#{...}" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:24:472:27 | baz_ | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:28:472:31 | #{...} | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:30:472:30 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:472:35:474:11 | do ... end | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:13:473:27 | call to puts | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:13:473:27 | self | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:18:473:27 | "baz_#{...}" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:19:473:22 | baz_ | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:23:473:26 | #{...} | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:473:25:473:25 | i | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:478:1:478:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:478:1:478:27 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:478:1:478:31 | call to foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:479:1:479:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:479:1:479:27 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:479:1:479:31 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:480:1:480:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:480:1:480:27 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:480:1:480:33 | call to baz_0 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:481:1:481:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:481:1:481:27 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:481:1:481:33 | call to baz_1 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:482:1:482:23 | EsotericInstanceMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:482:1:482:27 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:482:1:482:33 | call to baz_2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:484:1:490:3 | ExtendSingletonMethod | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:451:1:451:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:451:1:451:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:451:1:451:33 | call to m1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:452:1:452:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:452:1:452:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:452:1:452:33 | call to m3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:453:1:453:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:453:1:453:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:453:1:453:33 | call to m2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:454:1:454:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:454:1:454:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:454:1:454:33 | call to m3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:455:1:455:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:455:1:455:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:455:1:455:33 | call to m4 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:456:1:456:26 | ConditionalInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:456:1:456:30 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:456:1:456:33 | call to m5 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:458:1:458:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:458:1:476:3 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:458:27:458:31 | Class | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:458:27:476:3 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:458:37:476:3 | do ... end | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:5:459:11 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:5:459:11 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:5:459:11 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:5:463:7 | call to each | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:6:459:6 | 0 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:8:459:8 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:10:459:10 | 2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:459:18:463:7 | do ... end | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:460:9:462:11 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:461:13:461:22 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:461:13:461:22 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:461:18:461:22 | "foo" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:461:19:461:21 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:465:5:465:9 | Class | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:465:5:469:7 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:465:5:469:11 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:465:5:469:15 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:465:15:469:7 | do ... end | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:466:9:468:11 | bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:467:13:467:22 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:467:13:467:22 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:467:18:467:22 | "bar" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:467:19:467:21 | bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:5:471:11 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:5:471:11 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:5:471:11 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:5:475:7 | call to each | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:6:471:6 | 0 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:8:471:8 | 1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:10:471:10 | 2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:18:475:7 | do ... end | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:22:471:22 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:471:22:471:22 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:9:474:11 | call to define_method | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:9:474:11 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:23:472:32 | "baz_#{...}" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:24:472:27 | baz_ | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:28:472:31 | #{...} | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:30:472:30 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:472:35:474:11 | do ... end | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:13:473:27 | call to puts | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:13:473:27 | self | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:18:473:27 | "baz_#{...}" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:19:473:22 | baz_ | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:23:473:26 | #{...} | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:473:25:473:25 | i | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:478:1:478:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:478:1:478:27 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:478:1:478:31 | call to foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:479:1:479:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:479:1:479:27 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:479:1:479:31 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:480:1:480:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:480:1:480:27 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:480:1:480:33 | call to baz_0 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:481:1:481:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:481:1:481:27 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:481:1:481:33 | call to baz_1 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:482:1:482:23 | EsotericInstanceMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:482:1:482:27 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:482:1:482:33 | call to baz_2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:484:1:490:3 | ExtendSingletonMethod | calls.rb:1:1:569:4 | calls.rb | | calls.rb:485:5:487:7 | singleton | calls.rb:484:1:490:3 | ExtendSingletonMethod | | calls.rb:486:9:486:46 | call to puts | calls.rb:484:1:490:3 | ExtendSingletonMethod | | calls.rb:486:9:486:46 | self | calls.rb:484:1:490:3 | ExtendSingletonMethod | @@ -1228,32 +1266,32 @@ enclosingModule | calls.rb:489:5:489:15 | call to extend | calls.rb:484:1:490:3 | ExtendSingletonMethod | | calls.rb:489:5:489:15 | self | calls.rb:484:1:490:3 | ExtendSingletonMethod | | calls.rb:489:12:489:15 | self | calls.rb:484:1:490:3 | ExtendSingletonMethod | -| calls.rb:492:1:492:21 | ExtendSingletonMethod | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:492:1:492:31 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:494:1:496:3 | ExtendSingletonMethod2 | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:492:1:492:21 | ExtendSingletonMethod | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:492:1:492:31 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:494:1:496:3 | ExtendSingletonMethod2 | calls.rb:1:1:569:4 | calls.rb | | calls.rb:495:5:495:32 | call to extend | calls.rb:494:1:496:3 | ExtendSingletonMethod2 | | calls.rb:495:5:495:32 | self | calls.rb:494:1:496:3 | ExtendSingletonMethod2 | | calls.rb:495:12:495:32 | ExtendSingletonMethod | calls.rb:494:1:496:3 | ExtendSingletonMethod2 | -| calls.rb:498:1:498:22 | ExtendSingletonMethod2 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:498:1:498:32 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:500:1:501:3 | ExtendSingletonMethod3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:503:1:503:22 | ExtendSingletonMethod3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:503:1:503:51 | call to extend | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:503:31:503:51 | ExtendSingletonMethod | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:505:1:505:22 | ExtendSingletonMethod3 | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:505:1:505:32 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:507:1:507:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:507:1:507:13 | ... = ... | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:507:7:507:13 | "hello" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:507:8:507:12 | hello | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:508:1:508:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:508:1:508:13 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:509:1:509:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:509:1:509:32 | call to extend | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:509:12:509:32 | ExtendSingletonMethod | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:511:1:511:3 | foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:511:1:511:13 | call to singleton | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:513:1:517:3 | ProtectedMethodInModule | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:498:1:498:22 | ExtendSingletonMethod2 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:498:1:498:32 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:500:1:501:3 | ExtendSingletonMethod3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:503:1:503:22 | ExtendSingletonMethod3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:503:1:503:51 | call to extend | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:503:31:503:51 | ExtendSingletonMethod | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:505:1:505:22 | ExtendSingletonMethod3 | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:505:1:505:32 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:507:1:507:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:507:1:507:13 | ... = ... | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:507:7:507:13 | "hello" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:507:8:507:12 | hello | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:508:1:508:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:508:1:508:13 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:509:1:509:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:509:1:509:32 | call to extend | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:509:12:509:32 | ExtendSingletonMethod | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:511:1:511:3 | foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:511:1:511:13 | call to singleton | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:513:1:517:3 | ProtectedMethodInModule | calls.rb:1:1:569:4 | calls.rb | | calls.rb:514:5:516:7 | call to protected | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:514:5:516:7 | self | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:514:15:516:7 | foo | calls.rb:513:1:517:3 | ProtectedMethodInModule | @@ -1261,7 +1299,7 @@ enclosingModule | calls.rb:515:9:515:42 | self | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:515:14:515:42 | "ProtectedMethodInModule#foo" | calls.rb:513:1:517:3 | ProtectedMethodInModule | | calls.rb:515:15:515:41 | ProtectedMethodInModule#foo | calls.rb:513:1:517:3 | ProtectedMethodInModule | -| calls.rb:519:1:532:3 | ProtectedMethods | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:519:1:532:3 | ProtectedMethods | calls.rb:1:1:569:4 | calls.rb | | calls.rb:520:5:520:35 | call to include | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:520:5:520:35 | self | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:520:13:520:35 | ProtectedMethodInModule | calls.rb:519:1:532:3 | ProtectedMethods | @@ -1283,58 +1321,79 @@ enclosingModule | calls.rb:530:9:530:24 | ProtectedMethods | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:530:9:530:28 | call to new | calls.rb:519:1:532:3 | ProtectedMethods | | calls.rb:530:9:530:32 | call to bar | calls.rb:519:1:532:3 | ProtectedMethods | -| calls.rb:534:1:534:16 | ProtectedMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:534:1:534:20 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:534:1:534:24 | call to foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:535:1:535:16 | ProtectedMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:535:1:535:20 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:535:1:535:24 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:536:1:536:16 | ProtectedMethods | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:536:1:536:20 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:536:1:536:24 | call to baz | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:538:1:543:3 | ProtectedMethodsSub | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:538:29:538:44 | ProtectedMethods | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:534:1:534:16 | ProtectedMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:534:1:534:20 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:534:1:534:24 | call to foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:535:1:535:16 | ProtectedMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:535:1:535:20 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:535:1:535:24 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:536:1:536:16 | ProtectedMethods | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:536:1:536:20 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:536:1:536:24 | call to baz | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:538:1:543:3 | ProtectedMethodsSub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:538:29:538:44 | ProtectedMethods | calls.rb:1:1:569:4 | calls.rb | | calls.rb:539:5:542:7 | baz | calls.rb:538:1:543:3 | ProtectedMethodsSub | | calls.rb:540:9:540:11 | call to foo | calls.rb:538:1:543:3 | ProtectedMethodsSub | | calls.rb:540:9:540:11 | self | calls.rb:538:1:543:3 | ProtectedMethodsSub | | calls.rb:541:9:541:27 | ProtectedMethodsSub | calls.rb:538:1:543:3 | ProtectedMethodsSub | | calls.rb:541:9:541:31 | call to new | calls.rb:538:1:543:3 | ProtectedMethodsSub | | calls.rb:541:9:541:35 | call to foo | calls.rb:538:1:543:3 | ProtectedMethodsSub | -| calls.rb:545:1:545:19 | ProtectedMethodsSub | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:545:1:545:23 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:545:1:545:27 | call to foo | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:546:1:546:19 | ProtectedMethodsSub | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:546:1:546:23 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:546:1:546:27 | call to bar | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:547:1:547:19 | ProtectedMethodsSub | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:547:1:547:23 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:547:1:547:27 | call to baz | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:1:549:7 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:1:549:7 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:1:549:7 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:1:549:26 | call to each | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:2:549:2 | C | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:2:549:6 | call to new | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:14:549:26 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:17:549:17 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:17:549:17 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:20:549:20 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:549:20:549:24 | call to baz | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:1:550:13 | Array | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:1:550:13 | [...] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:1:550:13 | call to [] | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:1:550:39 | call to each | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:2:550:4 | "a" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:3:550:3 | a | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:6:550:8 | "b" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:7:550:7 | b | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:10:550:12 | "c" | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:11:550:11 | c | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:20:550:39 | { ... } | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:23:550:23 | s | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:23:550:23 | s | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:26:550:26 | s | calls.rb:1:1:550:40 | calls.rb | -| calls.rb:550:26:550:37 | call to capitalize | calls.rb:1:1:550:40 | calls.rb | +| calls.rb:545:1:545:19 | ProtectedMethodsSub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:545:1:545:23 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:545:1:545:27 | call to foo | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:546:1:546:19 | ProtectedMethodsSub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:546:1:546:23 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:546:1:546:27 | call to bar | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:547:1:547:19 | ProtectedMethodsSub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:547:1:547:23 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:547:1:547:27 | call to baz | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:1:549:7 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:1:549:7 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:1:549:7 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:1:549:26 | call to each | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:2:549:2 | C | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:2:549:6 | call to new | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:14:549:26 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:17:549:17 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:17:549:17 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:20:549:20 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:549:20:549:24 | call to baz | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:1:550:13 | Array | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:1:550:13 | [...] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:1:550:13 | call to [] | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:1:550:39 | call to each | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:2:550:4 | "a" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:3:550:3 | a | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:6:550:8 | "b" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:7:550:7 | b | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:10:550:12 | "c" | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:11:550:11 | c | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:20:550:39 | { ... } | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:23:550:23 | s | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:23:550:23 | s | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:26:550:26 | s | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:550:26:550:37 | call to capitalize | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:552:1:555:3 | SingletonUpCall_Base | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:553:5:554:7 | singleton | calls.rb:552:1:555:3 | SingletonUpCall_Base | +| calls.rb:553:9:553:12 | self | calls.rb:552:1:555:3 | SingletonUpCall_Base | +| calls.rb:556:1:563:3 | SingletonUpCall_Sub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:556:29:556:48 | SingletonUpCall_Base | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:557:5:557:13 | call to singleton | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:557:5:557:13 | self | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:558:5:558:14 | call to singleton2 | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:558:5:558:14 | self | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:559:5:562:7 | mid_method | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:559:9:559:12 | self | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:560:9:560:17 | call to singleton | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:560:9:560:17 | self | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:561:9:561:18 | call to singleton2 | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:561:9:561:18 | self | calls.rb:556:1:563:3 | SingletonUpCall_Sub | +| calls.rb:564:1:569:3 | SingletonUpCall_SubSub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:564:32:564:50 | SingletonUpCall_Sub | calls.rb:1:1:569:4 | calls.rb | +| calls.rb:565:5:566:7 | singleton2 | calls.rb:564:1:569:3 | SingletonUpCall_SubSub | +| calls.rb:565:9:565:12 | self | calls.rb:564:1:569:3 | SingletonUpCall_SubSub | +| calls.rb:568:5:568:14 | call to mid_method | calls.rb:564:1:569:3 | SingletonUpCall_SubSub | +| calls.rb:568:5:568:14 | self | calls.rb:564:1:569:3 | SingletonUpCall_SubSub | | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:22:3 | hello.rb | | hello.rb:2:5:4:7 | hello | hello.rb:1:1:8:3 | EnglishWords | | hello.rb:3:9:3:22 | return | hello.rb:1:1:8:3 | EnglishWords | @@ -1366,6 +1425,36 @@ enclosingModule | hello.rb:20:30:20:34 | self | hello.rb:18:1:22:3 | HelloWorld | | hello.rb:20:38:20:40 | "!" | hello.rb:18:1:22:3 | HelloWorld | | hello.rb:20:39:20:39 | ! | hello.rb:18:1:22:3 | HelloWorld | +| instance_fields.rb:1:1:10:3 | A | instance_fields.rb:1:1:29:4 | instance_fields.rb | +| instance_fields.rb:2:5:9:7 | class << ... | instance_fields.rb:1:1:10:3 | A | +| instance_fields.rb:2:14:2:17 | self | instance_fields.rb:1:1:10:3 | A | +| instance_fields.rb:3:9:5:11 | create | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:4:13:4:18 | @field | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:4:13:4:18 | self | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:4:13:4:35 | ... = ... | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:4:22:4:31 | A_target | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:4:22:4:35 | call to new | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:6:9:8:11 | use | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:7:13:7:18 | @field | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:7:13:7:18 | self | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:7:13:7:25 | call to target | instance_fields.rb:2:5:9:7 | class << ... | +| instance_fields.rb:11:1:14:3 | A_target | instance_fields.rb:1:1:29:4 | instance_fields.rb | +| instance_fields.rb:12:5:13:7 | target | instance_fields.rb:11:1:14:3 | A_target | +| instance_fields.rb:16:1:25:3 | B | instance_fields.rb:1:1:29:4 | instance_fields.rb | +| instance_fields.rb:17:5:24:7 | class << ... | instance_fields.rb:16:1:25:3 | B | +| instance_fields.rb:17:14:17:17 | self | instance_fields.rb:16:1:25:3 | B | +| instance_fields.rb:18:9:20:11 | create | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:19:13:19:18 | @field | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:19:13:19:18 | self | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:19:13:19:35 | ... = ... | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:19:22:19:31 | B_target | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:19:22:19:35 | call to new | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:21:9:23:11 | use | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:22:13:22:18 | @field | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:22:13:22:18 | self | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:22:13:22:25 | call to target | instance_fields.rb:17:5:24:7 | class << ... | +| instance_fields.rb:26:1:29:3 | B_target | instance_fields.rb:1:1:29:4 | instance_fields.rb | +| instance_fields.rb:27:5:28:7 | target | instance_fields.rb:26:1:29:3 | B_target | | modules.rb:1:1:2:3 | Empty | modules.rb:1:1:129:4 | modules.rb | | modules.rb:4:1:24:3 | Foo | modules.rb:1:1:129:4 | modules.rb | | modules.rb:5:3:14:5 | Bar | modules.rb:4:1:24:3 | Foo | @@ -1600,3 +1689,42 @@ enclosingModule | private.rb:105:1:105:16 | PrivateOverride2 | private.rb:1:1:105:40 | private.rb | | private.rb:105:1:105:20 | call to new | private.rb:1:1:105:40 | private.rb | | private.rb:105:1:105:23 | call to m1 | private.rb:1:1:105:40 | private.rb | +| toplevel_self_singleton.rb:1:1:6:3 | A | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:2:5:5:7 | B | toplevel_self_singleton.rb:1:1:6:3 | A | +| toplevel_self_singleton.rb:3:9:4:11 | ab_singleton_method | toplevel_self_singleton.rb:2:5:5:7 | B | +| toplevel_self_singleton.rb:3:13:3:16 | self | toplevel_self_singleton.rb:2:5:5:7 | B | +| toplevel_self_singleton.rb:8:1:16:3 | call to do_something | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:8:1:16:3 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:8:14:16:3 | do ... end | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:9:5:11:7 | method_in_block | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:10:9:10:27 | call to ab_singleton_method | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:10:9:10:27 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:12:5:12:7 | obj | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:12:5:12:12 | ... = ... | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:12:9:12:12 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:13:5:15:7 | method_in_block | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:13:9:13:11 | obj | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:14:9:14:27 | call to ab_singleton_method | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:14:9:14:27 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:1:18:8 | MyStruct | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:1:22:1 | ... = ... | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:12:18:17 | Struct | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:12:22:1 | call to new | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:23:18:26 | :foo | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:23:18:26 | foo | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:29:18:32 | :bar | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:29:18:32 | bar | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:18:35:22:1 | { ... } | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:19:5:21:7 | method_in_struct | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:19:9:19:12 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:20:9:20:27 | call to ab_singleton_method | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:20:9:20:27 | self | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:24:1:34:3 | Good | toplevel_self_singleton.rb:1:1:34:4 | toplevel_self_singleton.rb | +| toplevel_self_singleton.rb:25:5:33:7 | class << ... | toplevel_self_singleton.rb:24:1:34:3 | Good | +| toplevel_self_singleton.rb:25:14:25:17 | self | toplevel_self_singleton.rb:24:1:34:3 | Good | +| toplevel_self_singleton.rb:26:9:27:11 | call_me | toplevel_self_singleton.rb:25:5:33:7 | class << ... | +| toplevel_self_singleton.rb:29:9:32:11 | call_you | toplevel_self_singleton.rb:25:5:33:7 | class << ... | +| toplevel_self_singleton.rb:30:13:30:19 | call to call_me | toplevel_self_singleton.rb:25:5:33:7 | class << ... | +| toplevel_self_singleton.rb:30:13:30:19 | self | toplevel_self_singleton.rb:25:5:33:7 | class << ... | +| toplevel_self_singleton.rb:31:13:31:20 | call to call_you | toplevel_self_singleton.rb:25:5:33:7 | class << ... | +| toplevel_self_singleton.rb:31:13:31:20 | self | toplevel_self_singleton.rb:25:5:33:7 | class << ... | diff --git a/ruby/ql/test/library-tests/modules/superclasses.expected b/ruby/ql/test/library-tests/modules/superclasses.expected index f73f7962731..15d5b740852 100644 --- a/ruby/ql/test/library-tests/modules/superclasses.expected +++ b/ruby/ql/test/library-tests/modules/superclasses.expected @@ -105,6 +105,15 @@ calls.rb: # 538| ProtectedMethodsSub #-----| -> ProtectedMethods +# 552| SingletonUpCall_Base +#-----| -> Object + +# 556| SingletonUpCall_Sub +#-----| -> SingletonUpCall_Base + +# 564| SingletonUpCall_SubSub +#-----| -> SingletonUpCall_Sub + hello.rb: # 1| EnglishWords @@ -114,6 +123,13 @@ hello.rb: # 18| HelloWorld #-----| -> Greeting +instance_fields.rb: +# 11| A_target +#-----| -> Object + +# 26| B_target +#-----| -> Object + modules.rb: # 1| Empty @@ -188,9 +204,6 @@ modules_rec.rb: # 1| B::A #-----| -> Object -# 4| A::B -#-----| -> Object - private.rb: # 1| E #-----| -> Object @@ -202,3 +215,9 @@ private.rb: # 96| PrivateOverride2 #-----| -> PrivateOverride1 + +toplevel_self_singleton.rb: +# 2| A::B +#-----| -> Object + +# 24| Good diff --git a/ruby/ql/test/library-tests/modules/toplevel_self_singleton.rb b/ruby/ql/test/library-tests/modules/toplevel_self_singleton.rb new file mode 100644 index 00000000000..4afb8e7be1b --- /dev/null +++ b/ruby/ql/test/library-tests/modules/toplevel_self_singleton.rb @@ -0,0 +1,34 @@ +module A + class B + def self.ab_singleton_method # should not be called + end + end +end + +do_something do + def method_in_block + ab_singleton_method # should not resolve to anything + end + obj=self + def obj.method_in_block + ab_singleton_method # should not resolve to anything + end +end + +MyStruct = Struct.new(:foo, :bar) { + def self.method_in_struct + ab_singleton_method # should not resolve to anything + end +} + +module Good + class << self + def call_me + end + + def call_you + call_me + call_you + end + end +end diff --git a/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.expected b/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.expected index 1fdf8045c23..b7dff706a1f 100644 --- a/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.expected +++ b/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.expected @@ -23,10 +23,10 @@ nodes | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | semmle.label | ...[...] | subpaths #select -| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | -| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mappting resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | ManuallyCheckHttpVerb.rb:4:8:4:19 | call to get? | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | ManuallyCheckHttpVerb.rb:11:14:11:24 | call to env : | ManuallyCheckHttpVerb.rb:12:8:12:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | ManuallyCheckHttpVerb.rb:19:14:19:35 | call to request_method : | ManuallyCheckHttpVerb.rb:20:8:20:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | ManuallyCheckHttpVerb.rb:27:14:27:27 | call to method : | ManuallyCheckHttpVerb.rb:28:8:28:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | ManuallyCheckHttpVerb.rb:35:14:35:39 | call to raw_request_method : | ManuallyCheckHttpVerb.rb:36:8:36:22 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | ManuallyCheckHttpVerb.rb:51:16:51:44 | call to request_method_symbol : | ManuallyCheckHttpVerb.rb:52:10:52:23 | ... == ... | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | +| ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | ManuallyCheckHttpVerb.rb:59:10:59:20 | call to env : | ManuallyCheckHttpVerb.rb:59:10:59:38 | ...[...] | Manually checking HTTP verbs is an indication that multiple requests are routed to the same controller action. This could lead to bypassing necessary authorization methods and other protections, like CSRF protection. Prefer using different controller actions for each HTTP method and relying Rails routing to handle mapping resources and verbs to specific methods. | diff --git a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected index fc87de5c103..140dbca5371 100644 --- a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected +++ b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected @@ -9,5 +9,5 @@ nodes | KernelOpen.rb:5:13:5:16 | file | semmle.label | file | subpaths #select -| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Replace it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value | -| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Replace it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value | +| KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value | +| KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected new file mode 100644 index 00000000000..920592aae3e --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected @@ -0,0 +1,4 @@ +| NonConstantKernelOpen.rb:4:5:4:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. | +| NonConstantKernelOpen.rb:5:5:5:17 | call to read | Call to IO.read with a non-constant value. Consider replacing it with File.read. | +| NonConstantKernelOpen.rb:9:5:9:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. | +| NonConstantKernelOpen.rb:19:5:19:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. | diff --git a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.qlref b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.qlref new file mode 100644 index 00000000000..0b23d9102b9 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.qlref @@ -0,0 +1 @@ +queries/security/cwe-078/NonConstantKernelOpen.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb new file mode 100644 index 00000000000..b22ba051722 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb @@ -0,0 +1,23 @@ +class UsersController < ActionController::Base + def create + file = params[:file] + open(file) # BAD + IO.read(file) # BAD + + File.open(file).read # GOOD + + Kernel.open(file) # BAD + + File.open(file, "r") # GOOD + + Kernel.open("constant") # GOOD + + IO.read("constant") # GOOD + + Kernel.open("this is #{fine}") # GOOD + + Kernel.open("#{this_is} bad") # BAD + + open("| #{this_is_an_explicit_command} foo bar") # GOOD + end +end diff --git a/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected b/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected index 9e238048dda..59599558af7 100644 --- a/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected +++ b/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected @@ -10,13 +10,17 @@ edges | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | -| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | +| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:44:76:44:87 | call to display_text : | +| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : | +| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | app/views/foo/bars/show.html.erb:44:76:44:87 | call to display_text : | +| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : | +| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : | app/controllers/foo/bars_controller.rb:31:5:31:7 | str | | app/views/foo/bars/show.html.erb:44:64:44:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | | app/views/foo/bars/show.html.erb:44:64:44:87 | ... + ... : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | | app/views/foo/bars/show.html.erb:44:76:44:87 | call to display_text : | app/views/foo/bars/show.html.erb:44:64:44:87 | ... + ... : | @@ -35,7 +39,13 @@ nodes | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | semmle.label | call to params : | | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | semmle.label | ...[...] : | | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | semmle.label | dt : | -| app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | semmle.label | dt : | +| app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | semmle.label | call to params : | +| app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | semmle.label | ... = ... | +| app/controllers/foo/bars_controller.rb:24:39:24:59 | ...[...] : | semmle.label | ...[...] : | +| app/controllers/foo/bars_controller.rb:26:53:26:54 | dt : | semmle.label | dt : | +| app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | semmle.label | call to params : | +| app/controllers/foo/bars_controller.rb:30:11:30:28 | ...[...] : | semmle.label | ...[...] : | +| app/controllers/foo/bars_controller.rb:31:5:31:7 | str | semmle.label | str | | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text | | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | semmle.label | ...[...] | | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | semmle.label | @user_website | @@ -58,6 +68,8 @@ nodes | app/views/foo/bars/show.html.erb:77:28:77:39 | ...[...] | semmle.label | ...[...] | subpaths #select +| app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params : | app/controllers/foo/bars_controller.rb:24:39:24:59 | ... = ... | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:24:39:24:44 | call to params | user-provided value | +| app/controllers/foo/bars_controller.rb:31:5:31:7 | str | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params : | app/controllers/foo/bars_controller.rb:31:5:31:7 | str | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:30:11:30:16 | call to params | user-provided value | | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value | | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value | | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | Cross-site scripting vulnerability due to a $@. | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-079/app/controllers/foo/bars_controller.rb b/ruby/ql/test/query-tests/security/cwe-079/app/controllers/foo/bars_controller.rb index 56df7b4d3dd..ce6adfda027 100644 --- a/ruby/ql/test/query-tests/security/cwe-079/app/controllers/foo/bars_controller.rb +++ b/ruby/ql/test/query-tests/security/cwe-079/app/controllers/foo/bars_controller.rb @@ -20,6 +20,14 @@ class BarsController < ApplicationController @safe_foo = params[:text] @safe_foo = "safe_foo" @html_escaped = ERB::Util.html_escape(params[:text]) + @header_escaped = ERB::Util.html_escape(cookies[:foo]) # OK - cookies not controllable by 3rd party + response.header["content-type"] = params[:content_type] + response.header["x-customer-header"] = params[:bar] # OK - header not relevant to XSS render "foo/bars/show", locals: { display_text: dt, safe_text: "hello" } end + + def make_safe_html + str = params[:user_name] + str.html_safe + end end diff --git a/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb b/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb index 90b70199767..cc1d9565039 100644 --- a/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb +++ b/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb @@ -81,3 +81,6 @@ <%# BAD: Indirect to a database value without escaping %> <%= @other_user_raw_name.html_safe %> + +<%# GOOD: The `foo.bar.baz` is not recognized as a source %> +<%= @other_user_raw_name.foo.bar.baz.html_safe %> \ No newline at end of file diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected index fdf5b95aacc..f70ce6ca67e 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected @@ -1,29 +1,32 @@ edges -| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:3:12:3:24 | ...[...] : | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:6:10:6:13 | code | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:18:20:18:23 | code | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:21:21:21:24 | code | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:27:15:27:18 | code | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:30:19:30:22 | code | -| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:36:24:36:27 | code : | -| CodeInjection.rb:36:24:36:27 | code : | CodeInjection.rb:36:10:36:28 | call to escape | +| CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:5:12:5:24 | ...[...] : | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:8:10:8:13 | code | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:20:20:20:23 | code | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:23:21:23:24 | code | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:29:15:29:18 | code | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:32:19:32:22 | code | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:38:24:38:27 | code : | +| CodeInjection.rb:5:12:5:24 | ...[...] : | CodeInjection.rb:41:40:41:43 | code | +| CodeInjection.rb:38:24:38:27 | code : | CodeInjection.rb:38:10:38:28 | call to escape | nodes -| CodeInjection.rb:3:12:3:17 | call to params : | semmle.label | call to params : | -| CodeInjection.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : | -| CodeInjection.rb:6:10:6:13 | code | semmle.label | code | -| CodeInjection.rb:9:10:9:15 | call to params | semmle.label | call to params | -| CodeInjection.rb:18:20:18:23 | code | semmle.label | code | -| CodeInjection.rb:21:21:21:24 | code | semmle.label | code | -| CodeInjection.rb:27:15:27:18 | code | semmle.label | code | -| CodeInjection.rb:30:19:30:22 | code | semmle.label | code | -| CodeInjection.rb:36:10:36:28 | call to escape | semmle.label | call to escape | -| CodeInjection.rb:36:24:36:27 | code : | semmle.label | code : | +| CodeInjection.rb:5:12:5:17 | call to params : | semmle.label | call to params : | +| CodeInjection.rb:5:12:5:24 | ...[...] : | semmle.label | ...[...] : | +| CodeInjection.rb:8:10:8:13 | code | semmle.label | code | +| CodeInjection.rb:11:10:11:15 | call to params | semmle.label | call to params | +| CodeInjection.rb:20:20:20:23 | code | semmle.label | code | +| CodeInjection.rb:23:21:23:24 | code | semmle.label | code | +| CodeInjection.rb:29:15:29:18 | code | semmle.label | code | +| CodeInjection.rb:32:19:32:22 | code | semmle.label | code | +| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape | +| CodeInjection.rb:38:24:38:27 | code : | semmle.label | code : | +| CodeInjection.rb:41:40:41:43 | code | semmle.label | code | subpaths #select -| CodeInjection.rb:6:10:6:13 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:6:10:6:13 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | -| CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | This code execution depends on a $@. | CodeInjection.rb:9:10:9:15 | call to params | user-provided value | -| CodeInjection.rb:18:20:18:23 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:18:20:18:23 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | -| CodeInjection.rb:21:21:21:24 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:21:21:21:24 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | -| CodeInjection.rb:27:15:27:18 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:27:15:27:18 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | -| CodeInjection.rb:30:19:30:22 | code | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:30:19:30:22 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | -| CodeInjection.rb:36:10:36:28 | call to escape | CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:36:10:36:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value | +| CodeInjection.rb:8:10:8:13 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:8:10:8:13 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | This code execution depends on a $@. | CodeInjection.rb:11:10:11:15 | call to params | user-provided value | +| CodeInjection.rb:20:20:20:23 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:20:20:20:23 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:23:21:23:24 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:23:21:23:24 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:29:15:29:18 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:29:15:29:18 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:32:19:32:22 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:32:19:32:22 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:38:10:38:28 | call to escape | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:38:10:38:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | +| CodeInjection.rb:41:40:41:43 | code | CodeInjection.rb:5:12:5:17 | call to params : | CodeInjection.rb:41:40:41:43 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb index 5f58eebd92b..8a1d52fa176 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb +++ b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb @@ -1,3 +1,5 @@ +require 'active_job' + class UsersController < ActionController::Base def create code = params[:code] @@ -22,18 +24,21 @@ class UsersController < ActionController::Base # GOOD Bar.class_eval(code) - + # BAD const_get(code) - + # BAD Foo.const_get(code) - + # GOOD Bar.const_get(code) # BAD eval(Regexp.escape(code)) + + # BAD + ActiveJob::Serializers.deserialize(code) end def update @@ -62,8 +67,8 @@ class Bar def self.class_eval(x) true end - + def self.const_get(x) true end -end \ No newline at end of file +end diff --git a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected index 8c333d612c3..975b3f9ce39 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected +++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected @@ -15,6 +15,8 @@ edges | PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:22:5:22:8 | name | | PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:23:17:23:20 | name | | PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:24:18:24:21 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:42:10:42:13 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:47:10:47:13 | name | | PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:27:9:27:18 | ...[...] : | | PolynomialReDoS.rb:27:9:27:18 | ...[...] : | PolynomialReDoS.rb:28:5:28:5 | a | | PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:29:9:29:18 | ...[...] : | @@ -48,6 +50,8 @@ nodes | PolynomialReDoS.rb:31:9:31:14 | call to params : | semmle.label | call to params : | | PolynomialReDoS.rb:31:9:31:18 | ...[...] : | semmle.label | ...[...] : | | PolynomialReDoS.rb:32:5:32:5 | c | semmle.label | c | +| PolynomialReDoS.rb:42:10:42:13 | name | semmle.label | name | +| PolynomialReDoS.rb:47:10:47:13 | name | semmle.label | name | subpaths #select | PolynomialReDoS.rb:10:5:10:17 | ... =~ ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:10:5:10:8 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value | @@ -68,3 +72,5 @@ subpaths | PolynomialReDoS.rb:28:5:28:21 | call to gsub! | PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:28:5:28:5 | a | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:27:9:27:14 | call to params | user-provided value | | PolynomialReDoS.rb:30:5:30:18 | call to slice! | PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:30:5:30:5 | b | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:29:9:29:14 | call to params | user-provided value | | PolynomialReDoS.rb:32:5:32:20 | call to sub! | PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:32:5:32:5 | c | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:31:9:31:14 | call to params | user-provided value | +| PolynomialReDoS.rb:42:5:45:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:42:10:42:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:7:19:7:21 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value | +| PolynomialReDoS.rb:47:5:50:7 | case ... | PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:47:10:47:13 | name | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:48:14:48:16 | \\s+ | regular expression | PolynomialReDoS.rb:4:12:4:17 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb index 55db9555584..0f9ec026d40 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb +++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb @@ -38,5 +38,15 @@ class FooController < ActionController::Base # GOOD - regex does not suffer from polynomial backtracking (regression test) params[:foo] =~ /\A[bc].*\Z/ + + case name # NOT GOOD + when regex + puts "foo" + end + + case name # NOT GOOD + in /^\s+|\s+$/ then + puts "foo" + end end end diff --git a/ruby/ql/test/query-tests/security/cwe-327/BrokenCryptoAlgorithm.expected b/ruby/ql/test/query-tests/security/cwe-327/BrokenCryptoAlgorithm.expected index 62f621fd8c4..d4378b8f719 100644 --- a/ruby/ql/test/query-tests/security/cwe-327/BrokenCryptoAlgorithm.expected +++ b/ruby/ql/test/query-tests/security/cwe-327/BrokenCryptoAlgorithm.expected @@ -17,3 +17,13 @@ | broken_crypto.rb:75:1:75:24 | call to new | The cryptographic algorithm RC4 is broken or weak, and should not be used. | | broken_crypto.rb:77:1:77:29 | call to new | The cryptographic algorithm RC4 is broken or weak, and should not be used. | | broken_crypto.rb:79:1:79:35 | call to new | The cryptographic algorithm RC4 is broken or weak, and should not be used. | +| broken_crypto.rb:81:1:81:28 | call to hexdigest | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:84:1:84:31 | call to base64digest | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:87:1:87:20 | call to digest | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:89:1:89:21 | call to update | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:90:1:90:17 | ... << ... | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:95:1:95:34 | call to bubblebabble | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:97:11:97:37 | call to file | The cryptographic algorithm MD5 is broken or weak, and should not be used. | +| broken_crypto.rb:103:1:103:21 | call to digest | The cryptographic algorithm SHA1 is broken or weak, and should not be used. | +| broken_crypto.rb:104:1:104:17 | ... << ... | The cryptographic algorithm SHA1 is broken or weak, and should not be used. | +| broken_crypto.rb:106:1:106:37 | call to digest | The cryptographic algorithm SHA1 is broken or weak, and should not be used. | diff --git a/ruby/ql/test/query-tests/security/cwe-327/broken_crypto.rb b/ruby/ql/test/query-tests/security/cwe-327/broken_crypto.rb index 3f2c5013e18..1de64c09130 100644 --- a/ruby/ql/test/query-tests/security/cwe-327/broken_crypto.rb +++ b/ruby/ql/test/query-tests/security/cwe-327/broken_crypto.rb @@ -77,3 +77,31 @@ OpenSSL::Cipher::RC4.new OpenSSL::Cipher::RC4.new '40' # BAD: weak encryption algorithm OpenSSL::Cipher::RC4.new 'hmac-md5' + +Digest::MD5.hexdigest('foo') # BAD: weak hash algorithm +Digest::SHA256.hexdigest('foo') # GOOD: strong hash algorithm + +Digest::MD5.base64digest('foo') # BAD: weak hash algorithm + +md5 = Digest::MD5.new +md5.digest 'message' # BAD: weak hash algorithm + +md5.update 'message1' # BAD: weak hash algorithm +md5 << 'message2' # << is an alias for update + +sha256 = Digest::SHA256.new +sha256.digest 'message' # GOOD: strong hash algorithm + +Digest::MD5.bubblebabble 'message' # BAD: weak hash algorithm + +filemd5 = Digest::MD5.file 'testfile' +filemd5.hexdigest + +Digest("MD5").hexdigest('foo') # BAD: weak hash algorithm + +sha1 = OpenSSL::Digest.new('SHA1') +sha1.digest 'message' # BAD: weak hash algorithm +sha1 << 'message' # << is an alias for update + +OpenSSL::Digest.digest('SHA1', "abc") # BAD: weak hash algorithm +OpenSSL::Digest.digest('SHA3-512', "abc") # GOOD: strong hash algorithm \ No newline at end of file diff --git a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected index f6d213c9a9b..61e9d96b3e4 100644 --- a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected +++ b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected @@ -1,61 +1,69 @@ edges -| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | -| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | -| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | -| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | -| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | -| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | UnsafeDeserialization.rb:22:24:22:32 | json_data | -| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | -| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | UnsafeDeserialization.rb:28:27:28:35 | json_data | -| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | -| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | -| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | -| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:52:22:52:30 | json_data | -| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data | -| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | -| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | UnsafeDeserialization.rb:68:23:68:31 | json_data | -| UnsafeDeserialization.rb:80:11:80:16 | call to params : | UnsafeDeserialization.rb:80:11:80:22 | ...[...] : | -| UnsafeDeserialization.rb:80:11:80:22 | ...[...] : | UnsafeDeserialization.rb:81:34:81:36 | xml | -| UnsafeDeserialization.rb:86:17:86:22 | call to params : | UnsafeDeserialization.rb:86:17:86:28 | ...[...] : | -| UnsafeDeserialization.rb:86:17:86:28 | ...[...] : | UnsafeDeserialization.rb:87:25:87:33 | yaml_data | +| UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | +| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data | +| UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | +| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data | +| UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | +| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | UnsafeDeserialization.rb:23:24:23:32 | json_data | +| UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | +| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | UnsafeDeserialization.rb:29:27:29:35 | json_data | +| UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | +| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data | +| UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | +| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data | +| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | UnsafeDeserialization.rb:54:22:54:30 | json_data | +| UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | +| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | UnsafeDeserialization.rb:69:23:69:31 | json_data | +| UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | +| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | UnsafeDeserialization.rb:82:34:82:36 | xml | +| UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | +| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data | +| UnsafeDeserialization.rb:93:30:93:35 | call to params : | UnsafeDeserialization.rb:93:30:93:43 | ...[...] | +| UnsafeDeserialization.rb:99:48:99:53 | call to params : | UnsafeDeserialization.rb:99:48:99:61 | ...[...] | nodes -| UnsafeDeserialization.rb:9:39:9:44 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | semmle.label | serialized_data | -| UnsafeDeserialization.rb:15:39:15:44 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | semmle.label | serialized_data | -| UnsafeDeserialization.rb:21:17:21:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:22:24:22:32 | json_data | semmle.label | json_data | -| UnsafeDeserialization.rb:27:17:27:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:28:27:28:35 | json_data | semmle.label | json_data | -| UnsafeDeserialization.rb:39:17:39:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | semmle.label | yaml_data | -| UnsafeDeserialization.rb:51:17:51:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:52:22:52:30 | json_data | semmle.label | json_data | +| UnsafeDeserialization.rb:10:39:10:44 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:10:39:10:50 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | semmle.label | serialized_data | +| UnsafeDeserialization.rb:16:39:16:44 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:16:39:16:50 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | semmle.label | serialized_data | +| UnsafeDeserialization.rb:22:17:22:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:22:17:22:28 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:23:24:23:32 | json_data | semmle.label | json_data | +| UnsafeDeserialization.rb:28:17:28:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:28:17:28:28 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:29:27:29:35 | json_data | semmle.label | json_data | +| UnsafeDeserialization.rb:40:17:40:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:40:17:40:28 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | semmle.label | yaml_data | +| UnsafeDeserialization.rb:52:17:52:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:52:17:52:28 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:53:22:53:30 | json_data | semmle.label | json_data | -| UnsafeDeserialization.rb:58:17:58:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:68:23:68:31 | json_data | semmle.label | json_data | -| UnsafeDeserialization.rb:80:11:80:16 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:80:11:80:22 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:81:34:81:36 | xml | semmle.label | xml | -| UnsafeDeserialization.rb:86:17:86:22 | call to params : | semmle.label | call to params : | -| UnsafeDeserialization.rb:86:17:86:28 | ...[...] : | semmle.label | ...[...] : | -| UnsafeDeserialization.rb:87:25:87:33 | yaml_data | semmle.label | yaml_data | +| UnsafeDeserialization.rb:54:22:54:30 | json_data | semmle.label | json_data | +| UnsafeDeserialization.rb:59:17:59:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:59:17:59:28 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:69:23:69:31 | json_data | semmle.label | json_data | +| UnsafeDeserialization.rb:81:11:81:16 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:81:11:81:22 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:82:34:82:36 | xml | semmle.label | xml | +| UnsafeDeserialization.rb:87:17:87:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:87:17:87:28 | ...[...] : | semmle.label | ...[...] : | +| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | semmle.label | yaml_data | +| UnsafeDeserialization.rb:93:30:93:35 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:93:30:93:43 | ...[...] | semmle.label | ...[...] | +| UnsafeDeserialization.rb:99:48:99:53 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:99:48:99:61 | ...[...] | semmle.label | ...[...] | subpaths #select -| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:9:39:9:44 | call to params | user-provided value | -| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:15:39:15:44 | call to params | user-provided value | -| UnsafeDeserialization.rb:22:24:22:32 | json_data | UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:22:24:22:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:21:17:21:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:28:27:28:35 | json_data | UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:28:27:28:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:27:17:27:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:39:17:39:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:52:22:52:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:52:22:52:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:68:23:68:31 | json_data | UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:68:23:68:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:58:17:58:22 | call to params | user-provided value | -| UnsafeDeserialization.rb:81:34:81:36 | xml | UnsafeDeserialization.rb:80:11:80:16 | call to params : | UnsafeDeserialization.rb:81:34:81:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:80:11:80:16 | call to params | user-provided value | -| UnsafeDeserialization.rb:87:25:87:33 | yaml_data | UnsafeDeserialization.rb:86:17:86:22 | call to params : | UnsafeDeserialization.rb:87:25:87:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:86:17:86:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:11:27:11:41 | serialized_data | UnsafeDeserialization.rb:10:39:10:44 | call to params : | UnsafeDeserialization.rb:11:27:11:41 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:10:39:10:44 | call to params | user-provided value | +| UnsafeDeserialization.rb:17:30:17:44 | serialized_data | UnsafeDeserialization.rb:16:39:16:44 | call to params : | UnsafeDeserialization.rb:17:30:17:44 | serialized_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:16:39:16:44 | call to params | user-provided value | +| UnsafeDeserialization.rb:23:24:23:32 | json_data | UnsafeDeserialization.rb:22:17:22:22 | call to params : | UnsafeDeserialization.rb:23:24:23:32 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:22:17:22:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:29:27:29:35 | json_data | UnsafeDeserialization.rb:28:17:28:22 | call to params : | UnsafeDeserialization.rb:29:27:29:35 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:28:17:28:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:41:24:41:32 | yaml_data | UnsafeDeserialization.rb:40:17:40:22 | call to params : | UnsafeDeserialization.rb:41:24:41:32 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:40:17:40:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:54:22:54:30 | json_data | UnsafeDeserialization.rb:52:17:52:22 | call to params : | UnsafeDeserialization.rb:54:22:54:30 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:52:17:52:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:69:23:69:31 | json_data | UnsafeDeserialization.rb:59:17:59:22 | call to params : | UnsafeDeserialization.rb:69:23:69:31 | json_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:59:17:59:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:82:34:82:36 | xml | UnsafeDeserialization.rb:81:11:81:16 | call to params : | UnsafeDeserialization.rb:82:34:82:36 | xml | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:81:11:81:16 | call to params | user-provided value | +| UnsafeDeserialization.rb:88:25:88:33 | yaml_data | UnsafeDeserialization.rb:87:17:87:22 | call to params : | UnsafeDeserialization.rb:88:25:88:33 | yaml_data | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:87:17:87:22 | call to params | user-provided value | +| UnsafeDeserialization.rb:93:30:93:43 | ...[...] | UnsafeDeserialization.rb:93:30:93:35 | call to params : | UnsafeDeserialization.rb:93:30:93:43 | ...[...] | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:93:30:93:35 | call to params | user-provided value | +| UnsafeDeserialization.rb:99:48:99:61 | ...[...] | UnsafeDeserialization.rb:99:48:99:53 | call to params : | UnsafeDeserialization.rb:99:48:99:61 | ...[...] | Unsafe deserialization depends on a $@. | UnsafeDeserialization.rb:99:48:99:53 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.rb b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.rb index 707c098ff89..49816cd3592 100644 --- a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.rb +++ b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.rb @@ -1,3 +1,4 @@ +require "active_job" require "base64" require "json" require "oj" @@ -86,4 +87,16 @@ class UsersController < ActionController::Base yaml_data = params[:key] object = Psych.load yaml_data end + + # BAD - user input determines which class is instantiated + def route12 + klass = Module.const_get(params[:class]) + object = klass.new + end + + # BAD - user input determines which class is instantiated + def route13 + klass = ActiveJob::Serializers.deserialize(params[:class]) + object = klass.new + end end diff --git a/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected new file mode 100644 index 00000000000..005e2497be8 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected @@ -0,0 +1,24 @@ +edges +| app/controllers/users_controller.rb:4:11:4:16 | call to params : | app/controllers/users_controller.rb:4:11:4:27 | ...[...] | +| app/controllers/users_controller.rb:9:16:9:21 | call to params : | app/controllers/users_controller.rb:9:16:9:27 | ...[...] : | +| app/controllers/users_controller.rb:9:16:9:27 | ...[...] : | app/controllers/users_controller.rb:10:42:10:49 | password | +| app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : | app/controllers/users_controller.rb:15:42:15:50 | self [@password] : | +| app/controllers/users_controller.rb:14:17:14:22 | call to params : | app/controllers/users_controller.rb:14:17:14:28 | ...[...] : | +| app/controllers/users_controller.rb:14:17:14:28 | ...[...] : | app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : | +| app/controllers/users_controller.rb:15:42:15:50 | self [@password] : | app/controllers/users_controller.rb:15:42:15:50 | @password | +nodes +| app/controllers/users_controller.rb:4:11:4:16 | call to params : | semmle.label | call to params : | +| app/controllers/users_controller.rb:4:11:4:27 | ...[...] | semmle.label | ...[...] | +| app/controllers/users_controller.rb:9:16:9:21 | call to params : | semmle.label | call to params : | +| app/controllers/users_controller.rb:9:16:9:27 | ...[...] : | semmle.label | ...[...] : | +| app/controllers/users_controller.rb:10:42:10:49 | password | semmle.label | password | +| app/controllers/users_controller.rb:14:5:14:13 | [post] self [@password] : | semmle.label | [post] self [@password] : | +| app/controllers/users_controller.rb:14:17:14:22 | call to params : | semmle.label | call to params : | +| app/controllers/users_controller.rb:14:17:14:28 | ...[...] : | semmle.label | ...[...] : | +| app/controllers/users_controller.rb:15:42:15:50 | @password | semmle.label | @password | +| app/controllers/users_controller.rb:15:42:15:50 | self [@password] : | semmle.label | self [@password] : | +subpaths +#select +| app/controllers/users_controller.rb:4:11:4:16 | call to params | app/controllers/users_controller.rb:4:11:4:16 | call to params : | app/controllers/users_controller.rb:4:11:4:27 | ...[...] | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get_1 | Route handler | +| app/controllers/users_controller.rb:9:16:9:21 | call to params | app/controllers/users_controller.rb:9:16:9:21 | call to params : | app/controllers/users_controller.rb:10:42:10:49 | password | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:8:3:11:5 | login_get_2 | Route handler | +| app/controllers/users_controller.rb:14:17:14:22 | call to params | app/controllers/users_controller.rb:14:17:14:22 | call to params : | app/controllers/users_controller.rb:15:42:15:50 | @password | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:13:3:16:5 | login_get_3 | Route handler | diff --git a/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.qlref b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.qlref new file mode 100644 index 00000000000..98d0d8e6be7 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.qlref @@ -0,0 +1 @@ +queries/security/cwe-598/SensitiveGetQuery.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb b/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb new file mode 100644 index 00000000000..441d8b493ab --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb @@ -0,0 +1,32 @@ +class UsersController < ApplicationController + + def login_get_1 + foo = params[:password] # BAD: route handler uses GET query parameters to receive sensitive data + authenticate_user(params[:username], foo) + end + + def login_get_2 + password = params[:foo] # BAD: route handler uses GET query parameters to receive sensitive data + authenticate_user(params[:username], password) + end + + def login_get_3 + @password = params[:foo] # BAD: route handler uses GET query parameters to receive sensitive data + authenticate_user(params[:username], @password) + end + + def login_post + foo = params[:password] # GOOD: handler uses POST form parameters to receive sensitive data + authenticate_user(params[:username], foo) + end + + def login_get_cookies + foo = cookies[:password] # GOOD: data sourced from cookies rather than (plaintext) query params + authenticate_user(params[:username], foo) + end + + private + def authenticate_user(username, password) + # ... authenticate the user here + end +end diff --git a/ruby/ql/test/query-tests/security/cwe-598/config/routes.rb b/ruby/ql/test/query-tests/security/cwe-598/config/routes.rb new file mode 100644 index 00000000000..ce06a675637 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-598/config/routes.rb @@ -0,0 +1,7 @@ +Rails.application.routes.draw do + match "users/login1", to: "users#login_get_1", via: :get + get "users/login2", to: "users#login_get_2" + get "users/login3", to: "users#login_get_3" + post "users/login4", to: "users#login_post" + get "users/login5", to: "users#login_get_cookies" +end diff --git a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected index 29daf82d53d..a07f42fda18 100644 --- a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected +++ b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected @@ -3,14 +3,14 @@ edges | UrlRedirect.rb:14:17:14:22 | call to params : | UrlRedirect.rb:14:17:14:43 | call to fetch | | UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | | UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params | -| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:88:21:88:32 | input_params : | +| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:93:21:93:32 | input_params : | | UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:20:34:31 | ...[...] : | | UrlRedirect.rb:34:20:34:31 | ...[...] : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | | UrlRedirect.rb:58:17:58:22 | call to params : | UrlRedirect.rb:58:17:58:28 | ...[...] | | UrlRedirect.rb:63:38:63:43 | call to params : | UrlRedirect.rb:63:38:63:49 | ...[...] | | UrlRedirect.rb:68:38:68:43 | call to params : | UrlRedirect.rb:68:38:68:49 | ...[...] | | UrlRedirect.rb:73:25:73:30 | call to params : | UrlRedirect.rb:73:25:73:36 | ...[...] | -| UrlRedirect.rb:88:21:88:32 | input_params : | UrlRedirect.rb:89:5:89:29 | call to permit : | +| UrlRedirect.rb:93:21:93:32 | input_params : | UrlRedirect.rb:94:5:94:29 | call to permit : | nodes | UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params | | UrlRedirect.rb:9:17:9:22 | call to params : | semmle.label | call to params : | @@ -32,10 +32,10 @@ nodes | UrlRedirect.rb:68:38:68:49 | ...[...] | semmle.label | ...[...] | | UrlRedirect.rb:73:25:73:30 | call to params : | semmle.label | call to params : | | UrlRedirect.rb:73:25:73:36 | ...[...] | semmle.label | ...[...] | -| UrlRedirect.rb:88:21:88:32 | input_params : | semmle.label | input_params : | -| UrlRedirect.rb:89:5:89:29 | call to permit : | semmle.label | call to permit : | +| UrlRedirect.rb:93:21:93:32 | input_params : | semmle.label | input_params : | +| UrlRedirect.rb:94:5:94:29 | call to permit : | semmle.label | call to permit : | subpaths -| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:88:21:88:32 | input_params : | UrlRedirect.rb:89:5:89:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params | +| UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:93:21:93:32 | input_params : | UrlRedirect.rb:94:5:94:29 | call to permit : | UrlRedirect.rb:24:17:24:37 | call to filter_params | #select | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:4:17:4:22 | call to params | user-provided value | | UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params : | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection depends on a $@. | UrlRedirect.rb:9:17:9:22 | call to params | user-provided value | diff --git a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.rb b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.rb index fa941bc37a0..8484132c4c5 100644 --- a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.rb +++ b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.rb @@ -83,6 +83,11 @@ class UsersController < ActionController::Base redirect_back_or_to params[:key], allow_other_host: false end + # GOOD + def route15 + redirect_to cookies[:foo] + end + private def filter_params(input_params) diff --git a/swift/.gitignore b/swift/.gitignore index 22ffbac9dd2..28451c72aaa 100644 --- a/swift/.gitignore +++ b/swift/.gitignore @@ -3,3 +3,13 @@ # output files created by running tests *.o + +# compilation database +compile_commands.json + +# CLion project data and build directories +/.idea +/cmake* + +# VSCode default build directory +/build diff --git a/swift/.python-version b/swift/.python-version new file mode 100644 index 00000000000..c7413b842fc --- /dev/null +++ b/swift/.python-version @@ -0,0 +1 @@ +3.8.14 diff --git a/swift/BUILD.bazel b/swift/BUILD.bazel index 60344278ef2..e5c92dfcef0 100644 --- a/swift/BUILD.bazel +++ b/swift/BUILD.bazel @@ -24,8 +24,8 @@ pkg_files( ) pkg_files( - name = "qltest", - srcs = ["tools/qltest.sh"], + name = "scripts", + srcs = ["tools/qltest.sh", "tools/autobuild.sh"], attributes = pkg_attributes(mode = "0755"), prefix = "tools", ) @@ -46,8 +46,8 @@ pkg_filegroup( srcs = [ ":dbscheme_files", ":manifest", - ":qltest", ":tracing-config", + ":scripts", ], visibility = ["//visibility:public"], ) @@ -58,6 +58,12 @@ pkg_runfiles( prefix = "tools/" + codeql_platform, ) +pkg_runfiles( + name = "xcode-autobuilder", + srcs = ["//swift/xcode-autobuilder"], + prefix = "tools/" + codeql_platform, +) + pkg_files( name = "swift-test-sdk-arch", srcs = ["//swift/tools/prebuilt:swift-test-sdk"], @@ -70,7 +76,12 @@ pkg_filegroup( srcs = [ ":extractor", ":swift-test-sdk-arch", - ], + ] + select({ + "@platforms//os:linux": [], + "@platforms//os:macos": [ + ":xcode-autobuilder" + ], + }), visibility = ["//visibility:public"], ) diff --git a/swift/CMakeLists.txt b/swift/CMakeLists.txt new file mode 100644 index 00000000000..c04a8378661 --- /dev/null +++ b/swift/CMakeLists.txt @@ -0,0 +1,17 @@ +# this uses generated cmake files to setup cmake compilation of the swift extractor +# this is provided solely for IDE integration + +cmake_minimum_required(VERSION 3.21) + +set(CMAKE_CXX_STANDARD 17) +set(CMAKE_CXX_EXTENSIONS OFF) + +set(CMAKE_C_COMPILER clang) +set(CMAKE_CXX_COMPILER clang++) + +project(codeql) + +include(../misc/bazel/cmake/setup.cmake) + +include_generated(//swift/extractor:cmake) +include_generated(//swift/xcode-autobuilder:cmake) diff --git a/swift/README.md b/swift/README.md index d5b47fe9a4a..8f13b3b265d 100644 --- a/swift/README.md +++ b/swift/README.md @@ -1,8 +1,10 @@ +# Swift on CodeQL + ## Warning -The Swift codeql package is an experimental and unsupported work in progress. +The Swift CodeQL package is an experimental and unsupported work in progress. -## Usage +## Building the Swift extractor First ensure you have Bazel installed, for example with @@ -13,16 +15,17 @@ brew install bazelisk then from the `ql` directory run ```bash -bazel run //swift:create-extractor-pack +bazel run //swift:create-extractor-pack # --cpu=darwin_x86_64 # Uncomment on Arm-based Macs ``` which will install `swift/extractor-pack`. -Using `--search-path=swift/extractor-pack` will then pick up the Swift extractor. You can also use -`--search-path=.`, as the extractor pack is mentioned in the root `codeql-workspace.yml`. - Notice you can run `bazel run :create-extractor-pack` if you already are in the `swift` directory. +Using `codeql ... --search-path=swift/extractor-pack` will then pick up the Swift extractor. You can also use +`--search-path=.`, as the extractor pack is mentioned in the root `codeql-workspace.yml`. Alternatively, you can +set up the search path in [the per-user CodeQL configuration file](https://codeql.github.com/docs/codeql-cli/specifying-command-options-in-a-codeql-configuration-file/#using-a-codeql-configuration-file). + ## Code generation Run @@ -33,3 +36,20 @@ bazel run //swift/codegen to update generated files. This can be shortened to `bazel run codegen` if you are in the `swift` directory. + +## IDE setup + +### CLion and the native bazel plugin + +You can use [CLion][1] with the official [IntelliJ Bazel plugin][2], creating the project from scratch with default +options. This is known to have issues on non-Linux platforms. + +[1]: https://www.jetbrains.com/clion/ + +[2]: https://ij.bazel.build/ + +### CMake project + +The `CMakeLists.txt` file allows to load the Swift extractor as a CMake project, which allows integration into a wider +variety of IDEs. Building with CMake also creates a `compile_commands.json` compilation database that can be picked up +by even more IDEs. In particular, opening the `swift` directory in VSCode should work. diff --git a/swift/codegen/generators/qlgen.py b/swift/codegen/generators/qlgen.py index 84ecc27745b..13770fa9f86 100755 --- a/swift/codegen/generators/qlgen.py +++ b/swift/codegen/generators/qlgen.py @@ -157,10 +157,10 @@ def get_types_used_by(cls: ql.Class) -> typing.Iterable[str]: def get_classes_used_by(cls: ql.Class) -> typing.List[str]: - return sorted(set(t for t in get_types_used_by(cls) if t[0].isupper())) + return sorted(set(t for t in get_types_used_by(cls) if t[0].isupper() and t != cls.name)) -_generated_stub_re = re.compile(r"\n*private import .*\n+class \w+ extends \w+ \{[ \n]?\}", re.MULTILINE) +_generated_stub_re = re.compile(r"\n*private import .*\n+class \w+ extends Generated::\w+ \{[ \n]?\}", re.MULTILINE) def _is_generated_stub(file: pathlib.Path) -> bool: @@ -230,18 +230,18 @@ def _partition(l, pred): return map(list, _partition_iter(l, pred)) -def _is_in_qltest_collapsed_hierachy(cls: schema.Class, lookup: typing.Dict[str, schema.Class]): - return "qltest_collapse_hierarchy" in cls.pragmas or _is_under_qltest_collapsed_hierachy(cls, lookup) +def _is_in_qltest_collapsed_hierarchy(cls: schema.Class, lookup: typing.Dict[str, schema.Class]): + return "qltest_collapse_hierarchy" in cls.pragmas or _is_under_qltest_collapsed_hierarchy(cls, lookup) -def _is_under_qltest_collapsed_hierachy(cls: schema.Class, lookup: typing.Dict[str, schema.Class]): +def _is_under_qltest_collapsed_hierarchy(cls: schema.Class, lookup: typing.Dict[str, schema.Class]): return "qltest_uncollapse_hierarchy" not in cls.pragmas and any( - _is_in_qltest_collapsed_hierachy(lookup[b], lookup) for b in cls.bases) + _is_in_qltest_collapsed_hierarchy(lookup[b], lookup) for b in cls.bases) def _should_skip_qltest(cls: schema.Class, lookup: typing.Dict[str, schema.Class]): return "qltest_skip" in cls.pragmas or not ( - cls.final or "qltest_collapse_hierarchy" in cls.pragmas) or _is_under_qltest_collapsed_hierachy( + cls.final or "qltest_collapse_hierarchy" in cls.pragmas) or _is_under_qltest_collapsed_hierarchy( cls, lookup) @@ -304,7 +304,10 @@ def generate(opts, renderer): total_props, partial_props = _partition(_get_all_properties_to_be_tested(c, data.classes), lambda p: p.is_single or p.is_predicate) renderer.render(ql.ClassTester(class_name=c.name, - properties=total_props), test_dir / f"{c.name}.ql") + properties=total_props, + # in case of collapsed hierarchies we want to see the actual QL class in results + show_ql_class="qltest_collapse_hierarchy" in c.pragmas), + test_dir / f"{c.name}.ql") for p in partial_props: renderer.render(ql.PropertyTester(class_name=c.name, property=p), test_dir / f"{c.name}_{p.getter}.ql") diff --git a/swift/codegen/lib/ql.py b/swift/codegen/lib/ql.py index a220b2e25a5..00ed7190bbd 100644 --- a/swift/codegen/lib/ql.py +++ b/swift/codegen/lib/ql.py @@ -165,6 +165,7 @@ class ClassTester: class_name: str properties: List[PropertyForTest] = field(default_factory=list) + show_ql_class: bool = False @dataclass diff --git a/swift/codegen/schema.yml b/swift/codegen/schema.yml deleted file mode 100644 index d9fd36f698d..00000000000 --- a/swift/codegen/schema.yml +++ /dev/null @@ -1,1233 +0,0 @@ -# add dbscheme files to be added verbatim -_includes: - - prefix.dbscheme - -# organize generated class files in subdirectories according to these regexp rules -# a class can override this specifying `_dir` -_directories: - decl: Decl$|Context$ - pattern: Pattern$ - type: Type(Repr)?$ - expr: Expr$ - stmt: Stmt$ - -Element: - is_unknown: - type: predicate - _pragma: cpp_skip # this is emitted using trap entries directly - _pragma: qltest_skip - -UnresolvedElement: - _pragma: [ qltest_collapse_hierarchy, qltest_skip ] - -File: - name: string - _pragma: qltest_collapse_hierarchy - -DbFile: - _extends: File - -UnknownFile: - _extends: File - _synth: - on: { } - -Locatable: - location: - type: Location? - _pragma: cpp_skip # this is emitted using trap entries directly - _pragma: qltest_skip - -Location: - file: File - start_line: int - start_column: int - end_line: int - end_column: int - _pragma: [ qltest_skip, qltest_collapse_hierarchy ] - -DbLocation: - _extends: Location - -UnknownLocation: - _extends: Location - _synth: - on: { } - -Comment: - _extends: Locatable - text: string - -Type: - name: string - canonical_type: Type - -IterableDeclContext: - _children: - members: Decl* - -ExtensionDecl: - extended_type_decl: NominalTypeDecl - _extends: - - GenericContext - - IterableDeclContext - - Decl - -NominalTypeDecl: - _extends: - - GenericTypeDecl - - IterableDeclContext - type: Type - -AstNode: - _extends: Locatable - -Callable: - _children: - self_param: ParamDecl? - params: ParamDecl* - body: BraceStmt? - -ConditionElement: - _extends: AstNode - _children: - boolean: Expr? - pattern: Pattern? - initializer: Expr? - _dir: stmt - -AnyFunctionType: - _extends: Type - result: Type - param_types: Type* - param_labels: string* - is_throwing: predicate - is_async: predicate - -AnyGenericType: - _extends: Type - parent: Type? - declaration: Decl - -AnyMetatypeType: - _extends: Type - -BuiltinType: - _extends: Type - _pragma: qltest_collapse_hierarchy - -DependentMemberType: - _extends: Type - baseType: Type - associated_type_decl: AssociatedTypeDecl - -DynamicSelfType: - _extends: Type - static_self_type: Type - -ErrorType: - _extends: Type - -InOutType: - _extends: Type - object_type: Type - -LValueType: - _extends: Type - object_type: Type - -ModuleType: - _extends: Type - module: ModuleDecl - -PackType: - _extends: Type - -PackExpansionType: - _extends: Type - -ParameterizedProtocolType: - _extends: Type - -PlaceholderType: - _extends: Type - -ProtocolCompositionType: - _extends: Type - members: Type* - -ExistentialType: - _extends: Type - constraint: Type - -ReferenceStorageType: - _extends: Type - referent_type: Type - -SilBlockStorageType: - _extends: Type - -SilBoxType: - _extends: Type - -SilFunctionType: - _extends: Type - -SilTokenType: - _extends: Type - -SubstitutableType: - _extends: Type - -SugarType: - _extends: Type - -TupleType: - _extends: Type - types: Type* - names: string* - -TypeVariableType: - _extends: Type - -UnresolvedType: - _extends: - - Type - - UnresolvedElement - -ClassDecl: - _extends: NominalTypeDecl - -EnumDecl: - _extends: NominalTypeDecl - -ProtocolDecl: - _extends: NominalTypeDecl - -StructDecl: - _extends: NominalTypeDecl - -Decl: - _extends: AstNode - module: ModuleDecl - -Expr: - _extends: AstNode - type: Type? - -Pattern: - _extends: AstNode - -Stmt: - _extends: AstNode - -TypeRepr: - _extends: AstNode - type: Type - -FunctionType: - _extends: AnyFunctionType - -GenericFunctionType: - _extends: AnyFunctionType - generic_params: GenericTypeParamType* - -NominalOrBoundGenericNominalType: - _extends: AnyGenericType - -UnboundGenericType: - _extends: AnyGenericType - -ExistentialMetatypeType: - _extends: AnyMetatypeType - -MetatypeType: - _extends: AnyMetatypeType - -AnyBuiltinIntegerType: - _extends: BuiltinType - -BuiltinBridgeObjectType: - _extends: BuiltinType - -BuiltinDefaultActorStorageType: - _extends: BuiltinType - -BuiltinExecutorType: - _extends: BuiltinType - -BuiltinFloatType: - _extends: BuiltinType - -BuiltinJobType: - _extends: BuiltinType - -BuiltinNativeObjectType: - _extends: BuiltinType - -BuiltinRawPointerType: - _extends: BuiltinType - -BuiltinRawUnsafeContinuationType: - _extends: BuiltinType - -BuiltinUnsafeValueBufferType: - _extends: BuiltinType - -BuiltinVectorType: - _extends: BuiltinType - -UnmanagedStorageType: - _extends: ReferenceStorageType - -UnownedStorageType: - _extends: ReferenceStorageType - -WeakStorageType: - _extends: ReferenceStorageType - -ArchetypeType: - _extends: SubstitutableType - interface_type: Type - superclass: Type? - protocols: ProtocolDecl* - -GenericTypeParamType: - _extends: SubstitutableType - -ParenType: - _extends: SugarType - type: Type - -SyntaxSugarType: - _extends: SugarType - -TypeAliasType: - _extends: SugarType - decl: TypeAliasDecl - -EnumCaseDecl: - _extends: Decl - elements: EnumElementDecl* - -IfConfigDecl: - _extends: Decl - active_elements: AstNode* - -ImportDecl: - _extends: Decl - is_exported: predicate - imported_module: ModuleDecl? # may be none in inactive #if clauses - declarations: ValueDecl* - -MissingMemberDecl: - _extends: Decl - -OperatorDecl: - _extends: Decl - name: string - -PatternBindingDecl: - _extends: Decl - _children: - inits: Expr?* - patterns: Pattern* - -PoundDiagnosticDecl: - _extends: Decl - -PrecedenceGroupDecl: - _extends: Decl - -TopLevelCodeDecl: - _extends: Decl - _children: - body: BraceStmt - -ValueDecl: - _extends: Decl - interface_type: Type - -AbstractClosureExpr: - _extends: - - Expr - - Callable - -AnyTryExpr: - _extends: Expr - _children: - sub_expr: Expr - -AppliedPropertyWrapperExpr: - _extends: Expr - -Argument: - _extends: Locatable - label: string - _children: - expr: Expr - _dir: expr - -ApplyExpr: - _extends: Expr - _children: - function: Expr - arguments: Argument* - -ArrowExpr: - _extends: Expr - -AssignExpr: - _extends: Expr - _children: - dest: Expr - source: Expr - -BindOptionalExpr: - _extends: Expr - _children: - sub_expr: Expr - -CaptureListExpr: - _extends: Expr - _children: - binding_decls: PatternBindingDecl* - closure_body: ClosureExpr - -CodeCompletionExpr: - _extends: Expr - -CollectionExpr: - _extends: Expr - -DeclRefExpr: - _extends: Expr - decl: Decl - replacement_types: Type* - has_direct_to_storage_semantics: predicate - has_direct_to_implementation_semantics: predicate - has_ordinary_semantics: predicate - -DefaultArgumentExpr: - _extends: Expr - param_decl: ParamDecl - param_index: int - caller_side_default: Expr? - -DiscardAssignmentExpr: - _extends: Expr - -DotSyntaxBaseIgnoredExpr: - _extends: Expr - _children: - qualifier: Expr - sub_expr: Expr - -DynamicTypeExpr: - _extends: Expr - _children: - base: Expr - -EditorPlaceholderExpr: - _extends: Expr - -EnumIsCaseExpr: - _extends: Expr - _children: - sub_expr: Expr - element: EnumElementDecl - -ErrorExpr: - _extends: Expr - _pragma: qltest_skip # unexpected emission - -ExplicitCastExpr: - _extends: Expr - _children: - sub_expr: Expr - -ForceValueExpr: - _extends: Expr - _children: - sub_expr: Expr - -IdentityExpr: - _extends: Expr - _children: - sub_expr: Expr - -IfExpr: - _extends: Expr - _children: - condition: Expr - then_expr: Expr - else_expr: Expr - -ImplicitConversionExpr: - _extends: Expr - _children: - sub_expr: Expr - -InOutExpr: - _extends: Expr - _children: - sub_expr: Expr - -KeyPathApplicationExpr: - _extends: Expr - _children: - base: Expr - key_path: Expr - -KeyPathDotExpr: - _extends: Expr - -KeyPathExpr: - _extends: Expr - _children: - root: TypeRepr? - parsed_path: Expr? - -LazyInitializerExpr: - _extends: Expr - _children: - sub_expr: Expr - -LiteralExpr: - _extends: Expr - -LookupExpr: - _extends: Expr - _children: - base: Expr - member: Decl? - -MakeTemporarilyEscapableExpr: - _extends: Expr - _children: - escaping_closure: OpaqueValueExpr - nonescaping_closure: Expr - sub_expr: Expr - -ObjCSelectorExpr: - _extends: Expr - _children: - sub_expr: Expr - method: AbstractFunctionDecl - _pragma: qltest_skip # to be tested in integration tests - -OneWayExpr: - _extends: Expr - _children: - sub_expr: Expr - -OpaqueValueExpr: - _extends: Expr - -OpenExistentialExpr: - _extends: Expr - _children: - sub_expr: Expr - existential: Expr - opaque_expr: OpaqueValueExpr - -OptionalEvaluationExpr: - _extends: Expr - _children: - sub_expr: Expr - -OtherConstructorDeclRefExpr: - constructor_decl: ConstructorDecl - _extends: Expr - -OverloadSetRefExpr: - _extends: Expr - -PackExpr: - _extends: Expr - -PropertyWrapperValuePlaceholderExpr: - _extends: Expr - -RebindSelfInConstructorExpr: - _extends: Expr - _children: - sub_expr: Expr - self: VarDecl - -ReifyPackExpr: - _extends: ImplicitConversionExpr - -SequenceExpr: - _extends: Expr - _children: - elements: Expr* - _pragma: qltest_skip # we should really never extract these, as these should be resolved to trees of operations - -SuperRefExpr: - _extends: Expr - self: VarDecl - -TapExpr: - _extends: Expr - _children: - sub_expr: Expr? - body: BraceStmt - var: VarDecl - -TupleElementExpr: - _extends: Expr - _children: - sub_expr: Expr - index: int - -TupleExpr: - _extends: Expr - _children: - elements: Expr* - -TypeExpr: - _extends: Expr - _children: - type_repr: TypeRepr? - -UnresolvedDeclRefExpr: - _extends: - - Expr - - UnresolvedElement - name: string? - -UnresolvedDotExpr: - _extends: - - Expr - - UnresolvedElement - _children: - base: Expr - name: string - -UnresolvedMemberExpr: - _extends: - - Expr - - UnresolvedElement - name: string - -UnresolvedPatternExpr: - _extends: - - Expr - - UnresolvedElement - _children: - sub_pattern: Pattern - -UnresolvedSpecializeExpr: - _extends: - - Expr - - UnresolvedElement - -VarargExpansionExpr: - _extends: Expr - _children: - sub_expr: Expr - -AnyPattern: - _extends: Pattern - -BindingPattern: - _extends: Pattern - _children: - sub_pattern: Pattern - -BoolPattern: - _extends: Pattern - value: boolean - -EnumElementPattern: - _extends: Pattern - element: EnumElementDecl - _children: - sub_pattern: Pattern? - -ExprPattern: - _extends: Pattern - _children: - sub_expr: Expr - -IsPattern: - _extends: Pattern - _children: - cast_type_repr: TypeRepr? - sub_pattern: Pattern? - -NamedPattern: - _extends: Pattern - name: string - -OptionalSomePattern: - _extends: Pattern - _children: - sub_pattern: Pattern - -ParenPattern: - _extends: Pattern - _children: - sub_pattern: Pattern - -TuplePattern: - _extends: Pattern - _children: - elements: Pattern* - -TypedPattern: - _extends: Pattern - _children: - sub_pattern: Pattern - type_repr: TypeRepr? - -BraceStmt: - _extends: Stmt - _children: - elements: AstNode* - -BreakStmt: - _extends: Stmt - target_name: string? - target: Stmt? - -CaseStmt: - _extends: Stmt - _children: - body: Stmt - labels: CaseLabelItem* - variables: VarDecl* - -CaseLabelItem: - _extends: AstNode - _children: - pattern: Pattern - guard: Expr? - _dir: stmt - -ContinueStmt: - _extends: Stmt - target_name: string? - target: Stmt? - -DeferStmt: - _extends: Stmt - _children: - body: BraceStmt - -FailStmt: - _extends: Stmt - -FallthroughStmt: - _extends: Stmt - fallthrough_source: CaseStmt - fallthrough_dest: CaseStmt - -LabeledStmt: - _extends: Stmt - label: string? - -PoundAssertStmt: - _extends: Stmt - -ReturnStmt: - _extends: Stmt - _children: - result: Expr? - -ThrowStmt: - _extends: Stmt - _children: - sub_expr: Expr - -YieldStmt: - _extends: Stmt - _children: - results: Expr* - -BoundGenericType: - _extends: NominalOrBoundGenericNominalType - arg_types: Type* - -NominalType: - _extends: NominalOrBoundGenericNominalType - -BuiltinIntegerLiteralType: - _extends: AnyBuiltinIntegerType - -BuiltinIntegerType: - _extends: AnyBuiltinIntegerType - _pragma: qltest_uncollapse_hierarchy - width: int? - -SequenceArchetypeType: - _extends: ArchetypeType - -OpaqueTypeArchetypeType: - _extends: ArchetypeType - -OpenedArchetypeType: - _extends: ArchetypeType - -PrimaryArchetypeType: - _extends: ArchetypeType - -DictionaryType: - _extends: SyntaxSugarType - key_type: Type - value_type: Type - -UnarySyntaxSugarType: - _extends: SyntaxSugarType - base_type: Type - -InfixOperatorDecl: - _extends: OperatorDecl - precedence_group: PrecedenceGroupDecl? - -PostfixOperatorDecl: - _extends: OperatorDecl - -PrefixOperatorDecl: - _extends: OperatorDecl - -AbstractFunctionDecl: - _extends: - - GenericContext - - ValueDecl - - Callable - name: string - -AbstractStorageDecl: - _extends: ValueDecl - _children: - accessor_decls: AccessorDecl* - -EnumElementDecl: - _extends: ValueDecl - name: string - _children: - params: ParamDecl* - -TypeDecl: - _extends: ValueDecl - name: string - base_types: Type* - -AutoClosureExpr: - _extends: AbstractClosureExpr - -ClosureExpr: - _extends: AbstractClosureExpr - -ForceTryExpr: - _extends: AnyTryExpr - -OptionalTryExpr: - _extends: AnyTryExpr - -TryExpr: - _extends: AnyTryExpr - -#MethodCallExpr: -# _extends: ApplyExpr -# _synth: -# from: CallExpr -# qualifier: Expr - -BinaryExpr: - _extends: ApplyExpr - -CallExpr: - _extends: ApplyExpr - -PostfixUnaryExpr: - _extends: ApplyExpr - -PrefixUnaryExpr: - _extends: ApplyExpr - -SelfApplyExpr: - _extends: ApplyExpr - base: Expr - -ArrayExpr: - _extends: CollectionExpr - _children: - elements: Expr* - -DictionaryExpr: - _extends: CollectionExpr - _children: - elements: Expr* - -CheckedCastExpr: - _extends: ExplicitCastExpr - -CoerceExpr: - _extends: ExplicitCastExpr - -AwaitExpr: - _extends: IdentityExpr - -DotSelfExpr: - _extends: IdentityExpr - -ParenExpr: - _extends: IdentityExpr - -UnresolvedMemberChainResultExpr: - _extends: - - IdentityExpr - - UnresolvedElement - -AnyHashableErasureExpr: - _extends: ImplicitConversionExpr - -ArchetypeToSuperExpr: - _extends: ImplicitConversionExpr - -ArrayToPointerExpr: - _extends: ImplicitConversionExpr - -BridgeFromObjCExpr: - _extends: ImplicitConversionExpr - _pragma: qltest_skip # to be tested in integration tests - -BridgeToObjCExpr: - _extends: ImplicitConversionExpr - _pragma: qltest_skip # to be tested in integration tests - -ClassMetatypeToObjectExpr: - _extends: ImplicitConversionExpr - -CollectionUpcastConversionExpr: - _extends: ImplicitConversionExpr - -ConditionalBridgeFromObjCExpr: - _extends: ImplicitConversionExpr - _pragma: qltest_skip # to be tested in integration tests - -CovariantFunctionConversionExpr: - _extends: ImplicitConversionExpr - -CovariantReturnConversionExpr: - _extends: ImplicitConversionExpr - -DerivedToBaseExpr: - _extends: ImplicitConversionExpr - -DestructureTupleExpr: - _extends: ImplicitConversionExpr - -DifferentiableFunctionExpr: - _extends: ImplicitConversionExpr - -DifferentiableFunctionExtractOriginalExpr: - _extends: ImplicitConversionExpr - -ErasureExpr: - _extends: ImplicitConversionExpr - -ExistentialMetatypeToObjectExpr: - _extends: ImplicitConversionExpr - -ForeignObjectConversionExpr: - _extends: ImplicitConversionExpr - -FunctionConversionExpr: - _extends: ImplicitConversionExpr - -InOutToPointerExpr: - _extends: ImplicitConversionExpr - -InjectIntoOptionalExpr: - _extends: ImplicitConversionExpr - -LinearFunctionExpr: - _extends: ImplicitConversionExpr - -LinearFunctionExtractOriginalExpr: - _extends: ImplicitConversionExpr - -LinearToDifferentiableFunctionExpr: - _extends: ImplicitConversionExpr - -LoadExpr: - _extends: ImplicitConversionExpr - -MetatypeConversionExpr: - _extends: ImplicitConversionExpr - -PointerToPointerExpr: - _extends: ImplicitConversionExpr - -ProtocolMetatypeToObjectExpr: - _extends: ImplicitConversionExpr - -StringToPointerExpr: - _extends: ImplicitConversionExpr - -UnderlyingToOpaqueExpr: - _extends: ImplicitConversionExpr - -UnevaluatedInstanceExpr: - _extends: ImplicitConversionExpr - -UnresolvedTypeConversionExpr: - _extends: - - ImplicitConversionExpr - - UnresolvedElement - -BuiltinLiteralExpr: - _extends: LiteralExpr - -InterpolatedStringLiteralExpr: - _extends: LiteralExpr - interpolation_expr: OpaqueValueExpr? - _children: - interpolation_count_expr: Expr? - literal_capacity_expr: Expr? - appending_expr: TapExpr? - -RegexLiteralExpr: - _extends: LiteralExpr - -NilLiteralExpr: - _extends: LiteralExpr - -ObjectLiteralExpr: - _extends: LiteralExpr - -DynamicLookupExpr: - _extends: LookupExpr - -MemberRefExpr: - _extends: LookupExpr - has_direct_to_storage_semantics: predicate - has_direct_to_implementation_semantics: predicate - has_ordinary_semantics: predicate - -MethodRefExpr: - _extends: LookupExpr - _synth: - from: DotSyntaxCallExpr - -SubscriptExpr: - _extends: - - LookupExpr - _children: - arguments: Argument* - has_direct_to_storage_semantics: predicate - has_direct_to_implementation_semantics: predicate - has_ordinary_semantics: predicate - -OverloadedDeclRefExpr: - _extends: OverloadSetRefExpr - -DoCatchStmt: - _extends: LabeledStmt - _children: - body: Stmt - catches: CaseStmt* - -DoStmt: - _extends: LabeledStmt - _children: - body: BraceStmt - -ForEachStmt: - _extends: LabeledStmt - _children: - pattern: Pattern - sequence: Expr - where: Expr? - body: BraceStmt - -LabeledConditionalStmt: - _extends: LabeledStmt - _children: - condition: StmtCondition - -StmtCondition: - _extends: AstNode - _children: - elements: ConditionElement* - _dir: stmt - -RepeatWhileStmt: - _extends: LabeledStmt - _children: - condition: Expr - body: Stmt - -SwitchStmt: - _extends: LabeledStmt - _children: - expr: Expr - cases: CaseStmt* - -BoundGenericClassType: - _extends: BoundGenericType - -BoundGenericEnumType: - _extends: BoundGenericType - -BoundGenericStructType: - _extends: BoundGenericType - -ClassType: - _extends: NominalType - -EnumType: - _extends: NominalType - -ProtocolType: - _extends: NominalType - -StructType: - _extends: NominalType - -ArraySliceType: - _extends: UnarySyntaxSugarType - -OptionalType: - _extends: UnarySyntaxSugarType - -VariadicSequenceType: - _extends: UnarySyntaxSugarType - -ConstructorDecl: - _extends: AbstractFunctionDecl - -DestructorDecl: - _extends: AbstractFunctionDecl - -FuncDecl: - _extends: AbstractFunctionDecl - -SubscriptDecl: - _extends: - - AbstractStorageDecl - - GenericContext - _children: - params: ParamDecl* - element_type: Type - -VarDecl: - _extends: AbstractStorageDecl - name: string - type: Type - attached_property_wrapper_type: Type? - parent_pattern: Pattern? - parent_initializer: Expr? - -AbstractTypeParamDecl: - _extends: TypeDecl - -GenericContext: - _children: - generic_type_params: GenericTypeParamDecl* - -GenericTypeDecl: - _extends: - - GenericContext - - TypeDecl - -ModuleDecl: - _extends: TypeDecl - is_builtin_module: predicate - is_system_module: predicate - imported_modules: ModuleDecl* - exported_modules: ModuleDecl* - -ConstructorRefCallExpr: - _extends: SelfApplyExpr - -DotSyntaxCallExpr: - _extends: SelfApplyExpr - -ConditionalCheckedCastExpr: - _extends: CheckedCastExpr - -ForcedCheckedCastExpr: - _extends: CheckedCastExpr - -IsExpr: - _extends: CheckedCastExpr - -BooleanLiteralExpr: - _extends: BuiltinLiteralExpr - value: boolean - -MagicIdentifierLiteralExpr: - _extends: BuiltinLiteralExpr - kind: string - -NumberLiteralExpr: - _extends: BuiltinLiteralExpr - -StringLiteralExpr: - _extends: BuiltinLiteralExpr - value: string - -DynamicMemberRefExpr: - _extends: DynamicLookupExpr - -DynamicSubscriptExpr: - _extends: DynamicLookupExpr - -GuardStmt: - _extends: LabeledConditionalStmt - _children: - body: BraceStmt - -IfStmt: - _extends: LabeledConditionalStmt - _children: - then: Stmt - else: Stmt? - -WhileStmt: - _extends: LabeledConditionalStmt - _children: - body: Stmt - -AccessorDecl: - _extends: FuncDecl - is_getter: predicate - is_setter: predicate - is_will_set: predicate - is_did_set: predicate - -ConcreteFuncDecl: - _extends: FuncDecl - -ConcreteVarDecl: - _extends: VarDecl - introducer_int: int - -ParamDecl: - _extends: VarDecl - is_inout: predicate - -AssociatedTypeDecl: - _extends: AbstractTypeParamDecl - -GenericTypeParamDecl: - _extends: AbstractTypeParamDecl - -OpaqueTypeDecl: - _extends: GenericTypeDecl - -TypeAliasDecl: - _extends: GenericTypeDecl - -FloatLiteralExpr: - _extends: NumberLiteralExpr - string_value: string - -IntegerLiteralExpr: - _extends: NumberLiteralExpr - string_value: string diff --git a/swift/codegen/templates/ql_class.mustache b/swift/codegen/templates/ql_class.mustache index bcdf4b76cfa..3111e03dd11 100644 --- a/swift/codegen/templates/ql_class.mustache +++ b/swift/codegen/templates/ql_class.mustache @@ -5,69 +5,71 @@ private import codeql.swift.generated.Raw import {{.}} {{/imports}} -class {{name}}Base extends Synth::T{{name}}{{#bases}}, {{.}}{{/bases}} { - {{#root}} - string toString() { none() } // overridden by subclasses +module Generated { + class {{name}} extends Synth::T{{name}}{{#bases}}, {{.}}{{/bases}} { + {{#root}} + string toString() { none() } // overridden by subclasses - string getAPrimaryQlClass() { none() } // overridden by subclasses + string getAPrimaryQlClass() { none() } // overridden by subclasses - final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } + final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - {{name}}Base getResolveStep() { none() } // overridden by subclasses + {{name}} getResolveStep() { none() } // overridden by subclasses - final {{name}}Base resolve() { - not exists(getResolveStep()) and result = this - or - result = getResolveStep().resolve() + final {{name}} resolve() { + not exists(getResolveStep()) and result = this + or + result = getResolveStep().resolve() + } + {{/root}} + {{#final}} + override string getAPrimaryQlClass() { result = "{{name}}" } + {{/final}} + {{#properties}} + + {{#type_is_class}} + {{type}} getImmediate{{singular}}({{#is_repeated}}int index{{/is_repeated}}) { + {{^ipa}} + result = Synth::convert{{type}}FromRaw(Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_repeated}}index{{/is_repeated}})) + {{/ipa}} + {{#ipa}} + none() + {{/ipa}} + } + + final {{type}} {{getter}}({{#is_repeated}}int index{{/is_repeated}}) { + result = getImmediate{{singular}}({{#is_repeated}}index{{/is_repeated}}).resolve() + } + + {{/type_is_class}} + {{^type_is_class}} + {{type}} {{getter}}({{#is_repeated}}int index{{/is_repeated}}) { + {{^ipa}} + {{^is_predicate}}result = {{/is_predicate}}Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_repeated}}index{{/is_repeated}}) + {{/ipa}} + {{#ipa}} + none() + {{/ipa}} + } + + {{/type_is_class}} + {{#is_optional}} + final predicate has{{singular}}({{#is_repeated}}int index{{/is_repeated}}) { + exists({{getter}}({{#is_repeated}}index{{/is_repeated}})) + } + {{/is_optional}} + {{#is_repeated}} + + final {{type}} {{indefinite_getter}}() { + result = {{getter}}(_) + } + {{^is_optional}} + + final int getNumberOf{{plural}}() { + result = count({{indefinite_getter}}()) + } + {{/is_optional}} + {{/is_repeated}} + {{/properties}} } - {{/root}} - {{#final}} - override string getAPrimaryQlClass() { result = "{{name}}" } - {{/final}} - {{#properties}} - - {{#type_is_class}} - {{type}} getImmediate{{singular}}({{#is_repeated}}int index{{/is_repeated}}) { - {{^ipa}} - result = Synth::convert{{type}}FromRaw(Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_repeated}}index{{/is_repeated}})) - {{/ipa}} - {{#ipa}} - none() - {{/ipa}} - } - - final {{type}} {{getter}}({{#is_repeated}}int index{{/is_repeated}}) { - result = getImmediate{{singular}}({{#is_repeated}}index{{/is_repeated}}).resolve() - } - - {{/type_is_class}} - {{^type_is_class}} - {{type}} {{getter}}({{#is_repeated}}int index{{/is_repeated}}) { - {{^ipa}} - {{^is_predicate}}result = {{/is_predicate}}Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_repeated}}index{{/is_repeated}}) - {{/ipa}} - {{#ipa}} - none() - {{/ipa}} - } - - {{/type_is_class}} - {{#is_optional}} - final predicate has{{singular}}({{#is_repeated}}int index{{/is_repeated}}) { - exists({{getter}}({{#is_repeated}}index{{/is_repeated}})) - } - {{/is_optional}} - {{#is_repeated}} - - final {{type}} {{indefinite_getter}}() { - result = {{getter}}(_) - } - {{^is_optional}} - - final int getNumberOf{{plural}}() { - result = count({{indefinite_getter}}()) - } - {{/is_optional}} - {{/is_repeated}} - {{/properties}} } diff --git a/swift/codegen/templates/ql_stub.mustache b/swift/codegen/templates/ql_stub.mustache index c49c829c613..ea6c3a997fe 100644 --- a/swift/codegen/templates/ql_stub.mustache +++ b/swift/codegen/templates/ql_stub.mustache @@ -1,4 +1,4 @@ // generated by {{generator}}, remove this comment if you wish to edit this file private import {{base_import}} -class {{name}} extends {{name}}Base {} +class {{name}} extends Generated::{{name}} {} diff --git a/swift/codegen/templates/ql_test_class.mustache b/swift/codegen/templates/ql_test_class.mustache index 11f41659e43..03d8b140525 100644 --- a/swift/codegen/templates/ql_test_class.mustache +++ b/swift/codegen/templates/ql_test_class.mustache @@ -13,4 +13,4 @@ and {{getter}} = x.{{getter}}() and if x.{{getter}}() then {{getter}} = "yes" else {{getter}} = "no" {{/is_predicate}} {{/properties}} -select x{{#properties}}, "{{getter}}:", {{getter}}{{/properties}} +select x{{#show_ql_class}}, x.getPrimaryQlClasses(){{/show_ql_class}}{{#properties}}, "{{getter}}:", {{getter}}{{/properties}} diff --git a/swift/codegen/test/test_qlgen.py b/swift/codegen/test/test_qlgen.py index f3468545b6b..fbc64eeeb6b 100644 --- a/swift/codegen/test/test_qlgen.py +++ b/swift/codegen/test/test_qlgen.py @@ -425,7 +425,7 @@ def test_non_empty_cleanup(opts, generate, renderer): test_c = opts.ql_test_output / "B.txt" write(ql_a) write(ql_b) - write(stub_a, "// generated\nprivate import bla\n\nclass foo extends bar {\n}\n") + write(stub_a, "// generated\nprivate import bla\n\nclass foo extends Generated::bar {\n}\n") write(stub_b, "bar\n") write(test_a) write(test_b) @@ -437,7 +437,7 @@ def test_non_empty_cleanup(opts, generate, renderer): def test_modified_stub_still_generated(qlgen_opts, renderer): stub = qlgen_opts.ql_stub_output / "A.qll" - write(stub, "// generated\nprivate import bla\n\nclass foo extends bar, baz {\n}\n") + write(stub, "// generated\nprivate import bla\n\nclass foo extends Generated::bar, baz {\n}\n") with pytest.raises(qlgen.ModifiedStubMarkedAsGeneratedError): run_generation(qlgen.generate, qlgen_opts, renderer) @@ -445,7 +445,8 @@ def test_modified_stub_still_generated(qlgen_opts, renderer): def test_extended_stub_still_generated(qlgen_opts, renderer): stub = qlgen_opts.ql_stub_output / "A.qll" write(stub, - "// generated\nprivate import bla\n\nclass foo extends bar {\n}\n\nclass other {\n other() { none() }\n}") + "// generated\nprivate import bla\n\nclass foo extends Generated::bar {\n}\n\n" + "class other {\n other() { none() }\n}") with pytest.raises(qlgen.ModifiedStubMarkedAsGeneratedError): run_generation(qlgen.generate, qlgen_opts, renderer) @@ -584,7 +585,7 @@ def test_test_class_hierarchy_collapse(opts, generate_tests): schema.Class("D2", bases=["Base"], derived={"D3"}, properties=[schema.SingleProperty("y", "string")]), schema.Class("D3", bases=["D2"], properties=[schema.SingleProperty("z", "string")]), ]) == { - "Base/Base.ql": ql.ClassTester(class_name="Base"), + "Base/Base.ql": ql.ClassTester(class_name="Base", show_ql_class=True), } @@ -598,7 +599,7 @@ def test_test_class_hierarchy_uncollapse(opts, generate_tests): schema.Class("D3", bases=["D2"]), schema.Class("D4", bases=["D2"]), ]) == { - "Base/Base.ql": ql.ClassTester(class_name="Base"), + "Base/Base.ql": ql.ClassTester(class_name="Base", show_ql_class=True), "D3/D3.ql": ql.ClassTester(class_name="D3"), "D4/D4.ql": ql.ClassTester(class_name="D4"), } @@ -613,7 +614,7 @@ def test_test_class_hierarchy_uncollapse_at_final(opts, generate_tests): schema.Class("D2", bases=["Base"], derived={"D3"}), schema.Class("D3", bases=["D2"], pragmas=["qltest_uncollapse_hierarchy", "bar"]), ]) == { - "Base/Base.ql": ql.ClassTester(class_name="Base"), + "Base/Base.ql": ql.ClassTester(class_name="Base", show_ql_class=True), "D3/D3.ql": ql.ClassTester(class_name="D3"), } diff --git a/swift/extractor/BUILD.bazel b/swift/extractor/BUILD.bazel index 28d89d920de..d6103350905 100644 --- a/swift/extractor/BUILD.bazel +++ b/swift/extractor/BUILD.bazel @@ -1,4 +1,5 @@ load("//swift:rules.bzl", "swift_cc_binary") +load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") swift_cc_binary( name = "extractor", @@ -9,8 +10,14 @@ swift_cc_binary( visibility = ["//swift:__pkg__"], deps = [ "//swift/extractor/infra", - "//swift/extractor/visitors", "//swift/extractor/remapping", + "//swift/extractor/visitors", "//swift/tools/prebuilt:swift-llvm-support", ], ) + +generate_cmake( + name = "cmake", + targets = [":extractor"], + visibility = ["//visibility:public"], +) diff --git a/swift/extractor/infra/SwiftDispatcher.h b/swift/extractor/infra/SwiftDispatcher.h index 94edd44df44..f4db56d871c 100644 --- a/swift/extractor/infra/SwiftDispatcher.h +++ b/swift/extractor/infra/SwiftDispatcher.h @@ -308,7 +308,7 @@ class SwiftDispatcher { static FilePath getFilePath(llvm::StringRef path) { // TODO: this needs more testing - // TODO: check canonicaliztion of names on a case insensitive filesystems + // TODO: check canonicalization of names on a case insensitive filesystems // TODO: make symlink resolution conditional on CODEQL_PRESERVE_SYMLINKS=true llvm::SmallString realPath; if (std::error_code ec = llvm::sys::fs::real_path(path, realPath)) { diff --git a/swift/extractor/visitors/ExprVisitor.cpp b/swift/extractor/visitors/ExprVisitor.cpp index a4bc1639811..c640b0addb4 100644 --- a/swift/extractor/visitors/ExprVisitor.cpp +++ b/swift/extractor/visitors/ExprVisitor.cpp @@ -279,12 +279,6 @@ void ExprVisitor::visitArrayExpr(swift::ArrayExpr* expr) { } } -void ExprVisitor::visitErasureExpr(swift::ErasureExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(ErasureExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - codeql::TypeExpr ExprVisitor::translateTypeExpr(const swift::TypeExpr& expr) { TypeExpr entry{dispatcher_.assignNewLabel(expr)}; if (expr.getTypeRepr() && expr.getInstanceType()) { @@ -299,12 +293,6 @@ codeql::ParenExpr ExprVisitor::translateParenExpr(const swift::ParenExpr& expr) return entry; } -void ExprVisitor::visitLoadExpr(swift::LoadExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(LoadExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - void ExprVisitor::visitInOutExpr(swift::InOutExpr* expr) { auto label = dispatcher_.assignNewLabel(expr); assert(expr->getSubExpr() && "InOutExpr has getSubExpr()"); @@ -359,12 +347,6 @@ void ExprVisitor::visitOptionalTryExpr(swift::OptionalTryExpr* expr) { emitAnyTryExpr(expr, label); } -void ExprVisitor::visitInjectIntoOptionalExpr(swift::InjectIntoOptionalExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(InjectIntoOptionalExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - void ExprVisitor::visitConstructorRefCallExpr(swift::ConstructorRefCallExpr* expr) { auto label = dispatcher_.assignNewLabel(expr); dispatcher_.emit(ConstructorRefCallExprsTrap{label}); @@ -442,18 +424,6 @@ void ExprVisitor::visitDictionaryExpr(swift::DictionaryExpr* expr) { } } -void ExprVisitor::visitFunctionConversionExpr(swift::FunctionConversionExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(FunctionConversionExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - -void ExprVisitor::visitInOutToPointerExpr(swift::InOutToPointerExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(InOutToPointerExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - void ExprVisitor::visitMemberRefExpr(swift::MemberRefExpr* expr) { auto label = dispatcher_.assignNewLabel(expr); dispatcher_.emit(MemberRefExprsTrap{label}); @@ -465,12 +435,6 @@ void ExprVisitor::visitMemberRefExpr(swift::MemberRefExpr* expr) { emitLookupExpr(expr, label); } -void ExprVisitor::visitDerivedToBaseExpr(swift::DerivedToBaseExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(DerivedToBaseExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - void ExprVisitor::visitKeyPathExpr(swift::KeyPathExpr* expr) { auto label = dispatcher_.assignNewLabel(expr); dispatcher_.emit(KeyPathExprsTrap{label}); @@ -506,12 +470,6 @@ void ExprVisitor::visitForceValueExpr(swift::ForceValueExpr* expr) { dispatcher_.emit(ForceValueExprsTrap{label, subExprLabel}); } -void ExprVisitor::visitPointerToPointerExpr(swift::PointerToPointerExpr* expr) { - auto label = dispatcher_.assignNewLabel(expr); - dispatcher_.emit(PointerToPointerExprsTrap{label}); - emitImplicitConversionExpr(expr, label); -} - void ExprVisitor::visitIfExpr(swift::IfExpr* expr) { auto label = dispatcher_.assignNewLabel(expr); assert(expr->getCondExpr() && "IfExpr has getCond()"); @@ -583,20 +541,6 @@ codeql::SequenceExpr ExprVisitor::translateSequenceExpr(const swift::SequenceExp return entry; } -codeql::BridgeToObjCExpr ExprVisitor::translateBridgeToObjCExpr( - const swift::BridgeToObjCExpr& expr) { - BridgeToObjCExpr entry{dispatcher_.assignNewLabel(expr)}; - entry.sub_expr = dispatcher_.fetchLabel(expr.getSubExpr()); - return entry; -} - -codeql::BridgeFromObjCExpr ExprVisitor::translateBridgeFromObjCExpr( - const swift::BridgeFromObjCExpr& expr) { - BridgeFromObjCExpr entry{dispatcher_.assignNewLabel(expr)}; - entry.sub_expr = dispatcher_.fetchLabel(expr.getSubExpr()); - return entry; -} - codeql::DotSelfExpr ExprVisitor::translateDotSelfExpr(const swift::DotSelfExpr& expr) { DotSelfExpr entry{dispatcher_.assignNewLabel(expr)}; fillIdentityExpr(expr, entry); @@ -624,12 +568,6 @@ TrapLabel ExprVisitor::emitArgument(const swift::Argument& arg) { return entry.id; } -void ExprVisitor::emitImplicitConversionExpr(swift::ImplicitConversionExpr* expr, - TrapLabel label) { - assert(expr->getSubExpr() && "ImplicitConversionExpr has getSubExpr()"); - dispatcher_.emit(ImplicitConversionExprsTrap{label, dispatcher_.fetchLabel(expr->getSubExpr())}); -} - void ExprVisitor::emitExplicitCastExpr(swift::ExplicitCastExpr* expr, TrapLabel label) { assert(expr->getSubExpr() && "ExplicitCastExpr has getSubExpr()"); diff --git a/swift/extractor/visitors/ExprVisitor.h b/swift/extractor/visitors/ExprVisitor.h index 549049968ed..07b0d771b68 100644 --- a/swift/extractor/visitors/ExprVisitor.h +++ b/swift/extractor/visitors/ExprVisitor.h @@ -39,10 +39,16 @@ class ExprVisitor : public AstVisitorBase { void visitDotSyntaxCallExpr(swift::DotSyntaxCallExpr* expr); void visitVarargExpansionExpr(swift::VarargExpansionExpr* expr); void visitArrayExpr(swift::ArrayExpr* expr); - void visitErasureExpr(swift::ErasureExpr* expr); + + template + TrapClassOf translateImplicitConversionExpr(const E& expr) { + auto entry = dispatcher_.createEntry(expr); + entry.sub_expr = dispatcher_.fetchLabel(expr.getSubExpr()); + return entry; + } + codeql::TypeExpr translateTypeExpr(const swift::TypeExpr& expr); codeql::ParenExpr translateParenExpr(const swift::ParenExpr& expr); - void visitLoadExpr(swift::LoadExpr* expr); void visitInOutExpr(swift::InOutExpr* expr); void visitOpaqueValueExpr(swift::OpaqueValueExpr* expr); void visitTapExpr(swift::TapExpr* expr); @@ -50,7 +56,6 @@ class ExprVisitor : public AstVisitorBase { void visitTryExpr(swift::TryExpr* expr); void visitForceTryExpr(swift::ForceTryExpr* expr); void visitOptionalTryExpr(swift::OptionalTryExpr* expr); - void visitInjectIntoOptionalExpr(swift::InjectIntoOptionalExpr* expr); void visitConstructorRefCallExpr(swift::ConstructorRefCallExpr* expr); void visitDiscardAssignmentExpr(swift::DiscardAssignmentExpr* expr); codeql::ClosureExpr translateClosureExpr(const swift::ClosureExpr& expr); @@ -62,14 +67,10 @@ class ExprVisitor : public AstVisitorBase { void visitLookupExpr(swift::LookupExpr* expr); void visitSubscriptExpr(swift::SubscriptExpr* expr); void visitDictionaryExpr(swift::DictionaryExpr* expr); - void visitFunctionConversionExpr(swift::FunctionConversionExpr* expr); - void visitInOutToPointerExpr(swift::InOutToPointerExpr* expr); void visitMemberRefExpr(swift::MemberRefExpr* expr); - void visitDerivedToBaseExpr(swift::DerivedToBaseExpr* expr); void visitKeyPathExpr(swift::KeyPathExpr* expr); void visitLazyInitializerExpr(swift::LazyInitializerExpr* expr); void visitForceValueExpr(swift::ForceValueExpr* expr); - void visitPointerToPointerExpr(swift::PointerToPointerExpr* expr); void visitIfExpr(swift::IfExpr* expr); void visitKeyPathDotExpr(swift::KeyPathDotExpr* expr); void visitKeyPathApplicationExpr(swift::KeyPathApplicationExpr* expr); @@ -80,8 +81,6 @@ class ExprVisitor : public AstVisitorBase { codeql::UnresolvedMemberExpr translateUnresolvedMemberExpr( const swift::UnresolvedMemberExpr& expr); codeql::SequenceExpr translateSequenceExpr(const swift::SequenceExpr& expr); - codeql::BridgeToObjCExpr translateBridgeToObjCExpr(const swift::BridgeToObjCExpr& expr); - codeql::BridgeFromObjCExpr translateBridgeFromObjCExpr(const swift::BridgeFromObjCExpr& expr); codeql::DotSelfExpr translateDotSelfExpr(const swift::DotSelfExpr& expr); codeql::ErrorExpr translateErrorExpr(const swift::ErrorExpr& expr); // The following function requires a non-const parameter because: @@ -96,8 +95,6 @@ class ExprVisitor : public AstVisitorBase { void fillAbstractClosureExpr(const swift::AbstractClosureExpr& expr, codeql::AbstractClosureExpr& entry); TrapLabel emitArgument(const swift::Argument& arg); - void emitImplicitConversionExpr(swift::ImplicitConversionExpr* expr, - TrapLabel label); void emitExplicitCastExpr(swift::ExplicitCastExpr* expr, TrapLabel label); void fillIdentityExpr(const swift::IdentityExpr& expr, codeql::IdentityExpr& entry); void emitAnyTryExpr(swift::AnyTryExpr* expr, TrapLabel label); diff --git a/swift/extractor/visitors/VisitorBase.h b/swift/extractor/visitors/VisitorBase.h index b835492d00d..0b6dc73f8f0 100644 --- a/swift/extractor/visitors/VisitorBase.h +++ b/swift/extractor/visitors/VisitorBase.h @@ -17,31 +17,65 @@ class VisitorBase { VisitorBase(SwiftDispatcher& dispatcher) : dispatcher_{dispatcher} {} }; +// define by macro metaprogramming member checkers +// see https://fekir.info/post/detect-member-variables/ for technical details +#define DEFINE_TRANSLATE_CHECKER(KIND, CLASS, PARENT) \ + template \ + struct HasTranslate##CLASS##KIND : std::false_type {}; \ + \ + template \ + struct HasTranslate##CLASS##KIND().translate##CLASS##KIND( \ + std::declval()), \ + void())> : std::true_type {}; + +DEFINE_TRANSLATE_CHECKER(Decl, , ) +#define DECL(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Decl, CLASS, PARENT) +#define ABSTRACT_DECL(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Decl, CLASS, PARENT) +#include "swift/AST/DeclNodes.def" + +DEFINE_TRANSLATE_CHECKER(Stmt, , ) +#define STMT(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Stmt, CLASS, PARENT) +#define ABSTRACT_STMT(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Stmt, CLASS, PARENT) +#include "swift/AST/StmtNodes.def" + +DEFINE_TRANSLATE_CHECKER(Expr, , ) +#define EXPR(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Expr, CLASS, PARENT) +#define ABSTRACT_EXPR(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Expr, CLASS, PARENT) +#include "swift/AST/ExprNodes.def" + +DEFINE_TRANSLATE_CHECKER(Pattern, , ) +#define PATTERN(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Pattern, CLASS, PARENT) +#include "swift/AST/PatternNodes.def" + +DEFINE_TRANSLATE_CHECKER(Type, , ) +#define TYPE(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Type, CLASS, PARENT) +#define ABSTRACT_TYPE(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(Type, CLASS, PARENT) +#include "swift/AST/TypeNodes.def" + +DEFINE_TRANSLATE_CHECKER(TypeRepr, , ) +#define TYPEREPR(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(TypeRepr, CLASS, PARENT) +#define ABSTRACT_TYPEREPR(CLASS, PARENT) DEFINE_TRANSLATE_CHECKER(TypeRepr, CLASS, PARENT) +#include "swift/AST/TypeReprNodes.def" } // namespace detail // we want to override the default swift visitor behaviour of chaining calls to immediate // superclasses by default and instead provide our own TBD default (using the exact type). // Moreover, if the implementation class has translate##CLASS##KIND (that uses generated C++ -// classes), we want to use that. We detect that by checking its return type. If it is different -// from void (which is what is returned by a private unimplemented member function here) it means -// we have implemented it in the visitor. -#define DEFAULT(KIND, CLASS, PARENT) \ - public: \ - void visit##CLASS##KIND(swift::CLASS##KIND* e) { \ - using TranslateResult = std::invoke_result_t; \ - constexpr bool hasTranslateImplementation = !std::is_same_v; \ - if constexpr (hasTranslateImplementation) { \ - dispatcher_.emit(static_cast(this)->translate##CLASS##KIND(*e)); \ - } else { \ - dispatcher_.emitUnknown(e); \ - } \ - } \ - \ - private: \ - void translate##CLASS##KIND(const swift::CLASS##KIND&); +// classes), for the class of for a parent thereof, we want to use that. We detect that by using the +// type traits HasTranslate##CLASS##KIND defined above +#define DEFINE_VISIT(KIND, CLASS, PARENT) \ + public: \ + void visit##CLASS##KIND(swift::CLASS##KIND* e) { \ + if constexpr (detail::HasTranslate##CLASS##KIND::value) { \ + dispatcher_.emit(static_cast(this)->translate##CLASS##KIND(*e)); \ + } else if constexpr (detail::HasTranslate##PARENT::value) { \ + dispatcher_.emit(static_cast(this)->translate##PARENT(*e)); \ + } else { \ + dispatcher_.emitUnknown(e); \ + } \ + } -// base class for our AST visitors, getting a SwiftDispatcher member and default emission for +// base class for our AST visitors, getting a SwiftDispatcher member and define_visit emission for // unknown/TBD entities. Like `swift::ASTVisitor`, this uses CRTP (the Curiously Recurring Template // Pattern) template @@ -49,23 +83,23 @@ class AstVisitorBase : public swift::ASTVisitor, protected detail: public: using VisitorBase::VisitorBase; -#define DECL(CLASS, PARENT) DEFAULT(Decl, CLASS, PARENT) +#define DECL(CLASS, PARENT) DEFINE_VISIT(Decl, CLASS, PARENT) #include "swift/AST/DeclNodes.def" -#define STMT(CLASS, PARENT) DEFAULT(Stmt, CLASS, PARENT) +#define STMT(CLASS, PARENT) DEFINE_VISIT(Stmt, CLASS, PARENT) #include "swift/AST/StmtNodes.def" -#define EXPR(CLASS, PARENT) DEFAULT(Expr, CLASS, PARENT) +#define EXPR(CLASS, PARENT) DEFINE_VISIT(Expr, CLASS, PARENT) #include "swift/AST/ExprNodes.def" -#define PATTERN(CLASS, PARENT) DEFAULT(Pattern, CLASS, PARENT) +#define PATTERN(CLASS, PARENT) DEFINE_VISIT(Pattern, CLASS, PARENT) #include "swift/AST/PatternNodes.def" -#define TYPEREPR(CLASS, PARENT) DEFAULT(TypeRepr, CLASS, PARENT) +#define TYPEREPR(CLASS, PARENT) DEFINE_VISIT(TypeRepr, CLASS, PARENT) #include "swift/AST/TypeReprNodes.def" }; -// base class for our type visitor, getting a SwiftDispatcher member and default emission for +// base class for our type visitor, getting a SwiftDispatcher member and define_visit emission for // unknown/TBD types. Like `swift::TypeVisitor`, this uses CRTP (the Curiously Recurring Template // Pattern) template @@ -73,10 +107,11 @@ class TypeVisitorBase : public swift::TypeVisitor, protected detai public: using VisitorBase::VisitorBase; -#define TYPE(CLASS, PARENT) DEFAULT(Type, CLASS, PARENT) +#define TYPE(CLASS, PARENT) DEFINE_VISIT(Type, CLASS, PARENT) #include "swift/AST/TypeNodes.def" }; -#undef DEFAULT +#undef DEFINE_TRANSLATE_CHECKER +#undef DEFINE_VISIT } // namespace codeql diff --git a/swift/integration-tests/runner.py b/swift/integration-tests/runner.py index 77a62bfb81b..3c2521df8be 100755 --- a/swift/integration-tests/runner.py +++ b/swift/integration-tests/runner.py @@ -16,8 +16,7 @@ import argparse import shutil import platform -this_dir = pathlib.Path(__file__).parent - +this_dir = pathlib.Path(__file__).parent.resolve() def options(): p = argparse.ArgumentParser() diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll index 912f2fb499a..142ec4a7a3c 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll @@ -94,7 +94,7 @@ private predicate isBooleanConstant(ControlFlowElement n, boolean value) { mustHaveBooleanCompletion(n) and value = n.asAstNode().(BooleanLiteralExpr).getValue() or - // Boolean consants hidden inside conversions are also + // Boolean constants hidden inside conversions are also // constants that resolve to the same value. exists(ControlFlowElement parent | parent.asAstNode() = n.asAstNode().getResolveStep() and diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll index 29d5c1a95c9..e4f9c40d892 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll @@ -1074,7 +1074,7 @@ module Exprs { /** * The control-flow for assignments where the left-hand side has - * direct-to-implmentation-access semantics. + * direct-to-implementation-access semantics. */ class PropertyAssignExpr extends AssignExprTree { AccessorDecl accessorDecl; diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll index 7d0dd10c084..dbd90ba0ae1 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll @@ -885,7 +885,7 @@ module TestOutput { /** * Gets a string used to resolve ties in node and edge ordering. */ - string getOrderDisambuigation() { result = "" } + string getOrderDisambiguation() { result = "" } } query predicate nodes(RelevantNode n, string attr, string val) { @@ -900,7 +900,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(), - p.getOrderDisambuigation() + p.getOrderDisambiguation() ) ).toString() } @@ -923,7 +923,7 @@ module TestOutput { order by l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(), - s.getOrderDisambuigation() + s.getOrderDisambiguation() ) ).toString() } diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll index 32e4cd8f5ff..52d102d21e0 100644 --- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll @@ -78,6 +78,7 @@ private import internal.FlowSummaryImplSpecific * ensuring that they are visible to the taint tracking / data flow library. */ private module Frameworks { + private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes private import codeql.swift.frameworks.StandardLibrary.String private import codeql.swift.frameworks.StandardLibrary.Url private import codeql.swift.frameworks.StandardLibrary.UrlSession diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll new file mode 100644 index 00000000000..e538f44b957 --- /dev/null +++ b/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll @@ -0,0 +1,15 @@ +import swift +private import codeql.swift.dataflow.DataFlow + +/** + * A `Content` that should be implicitly regarded as tainted whenever an object with such `Content` + * is itself tainted. + * + * For example, if we had a type `class Container { var field: Contained }`, then by default a tainted + * `Container` and a `Container` with a tainted `Contained` stored in its `field` are distinct. + * + * If `any(DataFlow::FieldContent fc | fc.getField().hasQualifiedName("Container", "field"))` was + * included in this type however, then a tainted `Container` would imply that its `field` is also + * tainted (but not vice versa). + */ +abstract class TaintInheritingContent extends DataFlow::Content { } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll index f4073c1b503..9047ce68cfe 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll @@ -71,7 +71,7 @@ newtype TDataFlowCall = TNormalCall(ApplyExprCfgNode call) or TPropertyGetterCall(PropertyGetterCfgNode getter) or TPropertySetterCall(PropertySetterCfgNode setter) or - TPropertyObserverCall(PropertyObserverCfgNode obserer) or + TPropertyObserverCall(PropertyObserverCfgNode observer) or TSummaryCall(FlowSummaryImpl::Public::SummarizedCallable c, Node receiver) { FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) } @@ -191,7 +191,7 @@ class PropertyObserverCall extends DataFlowCall, TPropertyObserverCall { result = observer.getBase() or // TODO: This is correct for `willSet` (which takes a `newValue` parameter), - // but for `didSet` (which takes an `oldValue` paramter) we need an rvalue + // but for `didSet` (which takes an `oldValue` parameter) we need an rvalue // for `getBase()`. i = 0 and result = observer.getSource() diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll index 9053019a6d0..b5631b26b0b 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll @@ -838,13 +838,13 @@ private module Stage1 implements StageSig { * by `revFlow`. */ pragma[nomagic] - predicate revFlowIsReadAndStored(Content c, Configuration conf) { + additional predicate revFlowIsReadAndStored(Content c, Configuration conf) { revFlowConsCand(c, conf) and revFlowStore(c, _, _, conf) } pragma[nomagic] - predicate viableReturnPosOutNodeCandFwd1( + additional predicate viableReturnPosOutNodeCandFwd1( DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config ) { fwdFlowReturnPosition(pos, _, config) and @@ -860,7 +860,7 @@ private module Stage1 implements StageSig { } pragma[nomagic] - predicate viableParamArgNodeCandFwd1( + additional predicate viableParamArgNodeCandFwd1( DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config ) { viableParamArgEx(call, p, arg) and @@ -907,7 +907,7 @@ private module Stage1 implements StageSig { ) } - predicate revFlowState(FlowState state, Configuration config) { + additional predicate revFlowState(FlowState state, Configuration config) { exists(NodeEx node | sinkNode(node, state, config) and revFlow(node, _, pragma[only_bind_into](config)) and @@ -999,7 +999,7 @@ private module Stage1 implements StageSig { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and @@ -1260,7 +1260,7 @@ private module MkStage { * argument. */ pragma[nomagic] - predicate fwdFlow( + additional predicate fwdFlow( NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config ) { fwdFlow0(node, state, cc, argAp, ap, config) and @@ -1484,7 +1484,7 @@ private module MkStage { * the access path of the returned value. */ pragma[nomagic] - predicate revFlow( + additional predicate revFlow( NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config ) { revFlow0(node, state, toReturn, returnAp, ap, config) and @@ -1662,7 +1662,7 @@ private module MkStage { ) } - predicate revFlow(NodeEx node, FlowState state, Configuration config) { + additional predicate revFlow(NodeEx node, FlowState state, Configuration config) { revFlow(node, state, _, _, _, config) } @@ -1675,11 +1675,13 @@ private module MkStage { // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) } + additional predicate revFlowAlias(NodeEx node, Configuration config) { + revFlow(node, _, _, _, _, config) + } // use an alias as a workaround for bad functionality-induced joins pragma[nomagic] - predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { + additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) { revFlow(node, state, ap, config) } @@ -1700,7 +1702,7 @@ private module MkStage { ) } - predicate consCand(TypedContent tc, Ap ap, Configuration config) { + additional predicate consCand(TypedContent tc, Ap ap, Configuration config) { revConsCand(tc, ap, config) and validAp(ap, config) } @@ -1742,7 +1744,7 @@ private module MkStage { ) } - predicate stats( + additional predicate stats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config ) { fwd = true and diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index a86272940f2..5d5813bf9bc 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -486,7 +486,9 @@ private module OutNodes { import OutNodes -predicate jumpStep(Node pred, Node succ) { none() } +predicate jumpStep(Node pred, Node succ) { + FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ) +} predicate storeStep(Node node1, ContentSet c, Node node2) { exists(MemberRefExpr ref, AssignExpr assign | diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index a13c7cd1224..275569b4c02 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -61,6 +61,20 @@ module Public { /** Gets a summary component for a return of kind `rk`. */ SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } } /** @@ -256,6 +270,7 @@ module Private { TParameterSummaryComponent(ArgumentPosition pos) or TArgumentSummaryComponent(ParameterPosition pos) or TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or TWithoutContentSummaryComponent(ContentSet c) or TWithContentSummaryComponent(ContentSet c) @@ -563,6 +578,11 @@ module Private { getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), rk) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) or n = summaryNodeOutputState(c, s) and @@ -582,6 +602,11 @@ module Private { getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), s.tail())), pos) ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) ) ) } @@ -692,6 +717,18 @@ module Private { ) } + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(Node pred, Node succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + /** * Holds if values stored inside content `c` are cleared at `n`. `n` is a * synthesized summary node, so in order for values to be cleared at calls @@ -871,18 +908,28 @@ module Private { AccessPathRange() { relevantSpec(this) } } - /** Holds if specification component `c` parses as parameter `n`. */ + /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and pos = parseParamBody(token.getAnArgument()) } - /** Holds if specification component `c` parses as argument `n`. */ + /** Holds if specification component `token` parses as argument `pos`. */ predicate parseArg(AccessPathToken token, ParameterPosition pos) { token.getName() = "Argument" and pos = parseArgBody(token.getAnArgument()) } + /** Holds if specification component `token` parses as synthetic global `sg`. */ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + private SummaryComponent interpretComponent(AccessPathToken token) { exists(ParameterPosition pos | parseArg(token, pos) and result = SummaryComponent::argument(pos) @@ -894,6 +941,10 @@ module Private { or token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or result = interpretComponentSpecific(token) } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll index fddedcbbf85..5c3b0643ede 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll @@ -51,6 +51,9 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() // TODO once we have type pruning } +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } + /** * Holds if an external flow summary exists for `c` with input specification * `input`, output specification `output`, kind `kind`, and a flag `generated` diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll index c2fccb5a3f6..cd38648aef9 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll @@ -2,6 +2,7 @@ private import swift private import DataFlowPrivate private import TaintTrackingPublic private import codeql.swift.dataflow.DataFlow +private import codeql.swift.dataflow.FlowSteps private import codeql.swift.dataflow.Ssa private import codeql.swift.controlflow.CfgNodes private import FlowSummaryImpl as FlowSummaryImpl @@ -49,6 +50,18 @@ private module Cached { ae.getType().getName() = "String" ) or + // flow through a subscript access + exists(SubscriptExpr se | + se.getBase() = nodeFrom.asExpr() and + se = nodeTo.asExpr() + ) + or + // flow through the read of a content that inherits taint + exists(DataFlow::ContentSet f | + readStep(nodeFrom, f, nodeTo) and + f.getAReadContent() instanceof TaintInheritingContent + ) + or // flow through a flow summary (extension of `SummaryModelCsv`) FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false) } diff --git a/swift/ql/lib/codeql/swift/elements/AstNode.qll b/swift/ql/lib/codeql/swift/elements/AstNode.qll index 33b4da963b7..e6dca824a21 100644 --- a/swift/ql/lib/codeql/swift/elements/AstNode.qll +++ b/swift/ql/lib/codeql/swift/elements/AstNode.qll @@ -23,7 +23,7 @@ private module Cached { } } -class AstNode extends AstNodeBase { +class AstNode extends Generated::AstNode { final AbstractFunctionDecl getEnclosingFunction() { result = Cached::getEnclosingFunction(this) } final Decl getEnclosingDecl() { result = Cached::getEnclosingDecl(this) } diff --git a/swift/ql/lib/codeql/swift/elements/Callable.qll b/swift/ql/lib/codeql/swift/elements/Callable.qll index 75ed775e0a5..66a105e23e2 100644 --- a/swift/ql/lib/codeql/swift/elements/Callable.qll +++ b/swift/ql/lib/codeql/swift/elements/Callable.qll @@ -1,4 +1,4 @@ private import codeql.swift.generated.Callable private import codeql.swift.elements.AstNode -class Callable extends CallableBase, AstNode { } +class Callable extends Generated::Callable, AstNode { } diff --git a/swift/ql/lib/codeql/swift/elements/Comment.qll b/swift/ql/lib/codeql/swift/elements/Comment.qll index a0defd99ea2..b6dd7cd4545 100644 --- a/swift/ql/lib/codeql/swift/elements/Comment.qll +++ b/swift/ql/lib/codeql/swift/elements/Comment.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.Comment -class Comment extends CommentBase { +class Comment extends Generated::Comment { /** toString */ override string toString() { result = this.getText() } } diff --git a/swift/ql/lib/codeql/swift/elements/DbFile.qll b/swift/ql/lib/codeql/swift/elements/DbFile.qll index 7f989b31262..e659a9f1c00 100644 --- a/swift/ql/lib/codeql/swift/elements/DbFile.qll +++ b/swift/ql/lib/codeql/swift/elements/DbFile.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.DbFile -class DbFile extends DbFileBase { } +class DbFile extends Generated::DbFile { } diff --git a/swift/ql/lib/codeql/swift/elements/DbLocation.qll b/swift/ql/lib/codeql/swift/elements/DbLocation.qll index ae793f789e2..1fb4f7e5fcf 100644 --- a/swift/ql/lib/codeql/swift/elements/DbLocation.qll +++ b/swift/ql/lib/codeql/swift/elements/DbLocation.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.DbLocation -class DbLocation extends DbLocationBase { } +class DbLocation extends Generated::DbLocation { } diff --git a/swift/ql/lib/codeql/swift/elements/Element.qll b/swift/ql/lib/codeql/swift/elements/Element.qll index 1e65747c0d6..394d1caab3b 100644 --- a/swift/ql/lib/codeql/swift/elements/Element.qll +++ b/swift/ql/lib/codeql/swift/elements/Element.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.Element -class Element extends ElementBase { +class Element extends Generated::Element { private predicate resolvesFrom(Element e) { e.getResolveStep() = this } override string toString() { result = this.getPrimaryQlClasses() } diff --git a/swift/ql/lib/codeql/swift/elements/File.qll b/swift/ql/lib/codeql/swift/elements/File.qll index 5b9555569ac..1c47cd163c2 100644 --- a/swift/ql/lib/codeql/swift/elements/File.qll +++ b/swift/ql/lib/codeql/swift/elements/File.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.File -class File extends FileBase { +class File extends Generated::File { /** toString */ override string toString() { result = this.getAbsolutePath() } diff --git a/swift/ql/lib/codeql/swift/elements/Locatable.qll b/swift/ql/lib/codeql/swift/elements/Locatable.qll index 2dc0a07cc46..29648f70dfb 100644 --- a/swift/ql/lib/codeql/swift/elements/Locatable.qll +++ b/swift/ql/lib/codeql/swift/elements/Locatable.qll @@ -2,12 +2,13 @@ private import codeql.swift.generated.Locatable private import codeql.swift.elements.File private import codeql.swift.elements.UnknownLocation -class Locatable extends LocatableBase { +class Locatable extends Generated::Locatable { pragma[nomagic] override Location getImmediateLocation() { - result = LocatableBase.super.getImmediateLocation() + result = Generated::Locatable.super.getImmediateLocation() or - not exists(LocatableBase.super.getImmediateLocation()) and result instanceof UnknownLocation + not exists(Generated::Locatable.super.getImmediateLocation()) and + result instanceof UnknownLocation } /** diff --git a/swift/ql/lib/codeql/swift/elements/Location.qll b/swift/ql/lib/codeql/swift/elements/Location.qll index f5943426e58..6d4f3138a17 100644 --- a/swift/ql/lib/codeql/swift/elements/Location.qll +++ b/swift/ql/lib/codeql/swift/elements/Location.qll @@ -1,11 +1,28 @@ private import codeql.swift.generated.Location -class Location extends LocationBase { - predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) { - path = getFile().getFullName() and - sl = getStartLine() and - sc = getStartColumn() and - el = getEndLine() and - ec = getEndColumn() +/** + * A location of a program element. + */ +class Location extends Generated::Location { + /** + * Holds if this location is described by `path`, `startLine`, `startColumn`, `endLine` and `endColumn`. + */ + predicate hasLocationInfo(string path, int startLine, int startColumn, int endLine, int endColumn) { + path = this.getFile().getFullName() and + startLine = this.getStartLine() and + startColumn = this.getStartColumn() and + endLine = this.getEndLine() and + endColumn = this.getEndColumn() + } + + /** + * Gets a textual representation of this location. + */ + override string toString() { + exists(string filePath, int startLine, int startColumn, int endLine, int endColumn | + this.hasLocationInfo(filePath, startLine, startColumn, endLine, endColumn) + | + toUrl(filePath, startLine, startColumn, endLine, endColumn, result) + ) } } diff --git a/swift/ql/lib/codeql/swift/elements/UnknownFile.qll b/swift/ql/lib/codeql/swift/elements/UnknownFile.qll index 5db043aed2e..796c29de6ac 100644 --- a/swift/ql/lib/codeql/swift/elements/UnknownFile.qll +++ b/swift/ql/lib/codeql/swift/elements/UnknownFile.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.UnknownFile -class UnknownFile extends UnknownFileBase { +class UnknownFile extends Generated::UnknownFile { override string getName() { result = "" } } diff --git a/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll b/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll index 33ee5e47d4f..b97ef6e4e8f 100644 --- a/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll +++ b/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll @@ -2,7 +2,10 @@ private import codeql.swift.generated.UnknownLocation private import codeql.swift.elements.UnknownFile private import codeql.swift.elements.File -class UnknownLocation extends UnknownLocationBase { +/** + * A `Location` that is given to something that is not associated with any position in the source code. + */ +class UnknownLocation extends Generated::UnknownLocation { override File getImmediateFile() { result instanceof UnknownFile } override int getStartLine() { result = 0 } @@ -12,4 +15,6 @@ class UnknownLocation extends UnknownLocationBase { override int getEndLine() { result = 0 } override int getEndColumn() { result = 0 } + + override string toString() { result = "UnknownLocation" } } diff --git a/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll b/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll index 0621ab6d599..06456d4c28c 100644 --- a/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll +++ b/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.UnresolvedElement -class UnresolvedElement extends UnresolvedElementBase { } +class UnresolvedElement extends Generated::UnresolvedElement { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/AbstractFunctionDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AbstractFunctionDecl.qll index 514cec194fc..5d5629f5e72 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/AbstractFunctionDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/AbstractFunctionDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.AbstractFunctionDecl -class AbstractFunctionDecl extends AbstractFunctionDeclBase { +class AbstractFunctionDecl extends Generated::AbstractFunctionDecl { override string toString() { result = this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AbstractStorageDecl.qll index fe8b86cfffe..a45ebb28175 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/AbstractStorageDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/AbstractStorageDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.AbstractStorageDecl -class AbstractStorageDecl extends AbstractStorageDeclBase { } +class AbstractStorageDecl extends Generated::AbstractStorageDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/AbstractTypeParamDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AbstractTypeParamDecl.qll index 3322e13eac5..01484fac8da 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/AbstractTypeParamDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/AbstractTypeParamDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.AbstractTypeParamDecl -class AbstractTypeParamDecl extends AbstractTypeParamDeclBase { } +class AbstractTypeParamDecl extends Generated::AbstractTypeParamDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll index bd1fb6b2998..da91edb6810 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll @@ -10,7 +10,7 @@ private predicate isKnownAccessorKind(AccessorDecl decl, string kind) { decl.isDidSet() and kind = "didSet" } -class AccessorDecl extends AccessorDeclBase { +class AccessorDecl extends Generated::AccessorDecl { predicate isPropertyObserver() { this instanceof WillSetObserver or this instanceof DidSetObserver } diff --git a/swift/ql/lib/codeql/swift/elements/decl/AssociatedTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AssociatedTypeDecl.qll index a41344f4976..d3bb44152e7 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/AssociatedTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/AssociatedTypeDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.AssociatedTypeDecl -class AssociatedTypeDecl extends AssociatedTypeDeclBase { } +class AssociatedTypeDecl extends Generated::AssociatedTypeDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ClassDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ClassDecl.qll index b33658a3bdf..c47047c7198 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ClassDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ClassDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ClassDecl -class ClassDecl extends ClassDeclBase { } +class ClassDecl extends Generated::ClassDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ConcreteFuncDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ConcreteFuncDecl.qll index e0931ab8d0c..b3f71701748 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ConcreteFuncDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ConcreteFuncDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ConcreteFuncDecl -class ConcreteFuncDecl extends ConcreteFuncDeclBase { } +class ConcreteFuncDecl extends Generated::ConcreteFuncDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ConcreteVarDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ConcreteVarDecl.qll index dee1770e906..6d1a928ce2c 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ConcreteVarDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ConcreteVarDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ConcreteVarDecl -class ConcreteVarDecl extends ConcreteVarDeclBase { } +class ConcreteVarDecl extends Generated::ConcreteVarDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll index 375eff6acc3..5905cf11cf6 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ConstructorDecl -class ConstructorDecl extends ConstructorDeclBase { } +class ConstructorDecl extends Generated::ConstructorDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/Decl.qll b/swift/ql/lib/codeql/swift/elements/decl/Decl.qll index 44d3571ad8f..3b440878dae 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/Decl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.Decl -class Decl extends DeclBase { } +class Decl extends Generated::Decl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll index 8cc68eaf7c8..fd331fb9be5 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.DestructorDecl -class DestructorDecl extends DestructorDeclBase { } +class DestructorDecl extends Generated::DestructorDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumCaseDecl.qll index d7aab6d9fe1..4533adf2d85 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumCaseDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumCaseDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.EnumCaseDecl -class EnumCaseDecl extends EnumCaseDeclBase { +class EnumCaseDecl extends Generated::EnumCaseDecl { override string toString() { result = "case ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index 0c4ec1ca849..f7c42dc9a2f 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.EnumDecl -class EnumDecl extends EnumDeclBase { } +class EnumDecl extends Generated::EnumDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumElementDecl.qll index 965e0b3efdd..4d99dc4726f 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumElementDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumElementDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.EnumElementDecl -class EnumElementDecl extends EnumElementDeclBase { +class EnumElementDecl extends Generated::EnumElementDecl { override string toString() { result = this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll index ce9e10da1af..b8cb7ffc0d8 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.decl.ExtensionDecl -class ExtensionDecl extends ExtensionDeclBase { +class ExtensionDecl extends Generated::ExtensionDecl { override string toString() { result = "extension" // TODO: Once we extract the name of this one we can provide a better `toString`. } diff --git a/swift/ql/lib/codeql/swift/elements/decl/FuncDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/FuncDecl.qll index 0e4907105fd..194f61138f7 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/FuncDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/FuncDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.FuncDecl -class FuncDecl extends FuncDeclBase { } +class FuncDecl extends Generated::FuncDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/elements/decl/GenericContext.qll index 2d0e58efdac..5370eaf8e4e 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/GenericContext.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/GenericContext.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.GenericContext -class GenericContext extends GenericContextBase { } +class GenericContext extends Generated::GenericContext { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/GenericTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/GenericTypeDecl.qll index 803f94da007..0c3df316c0a 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/GenericTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/GenericTypeDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.GenericTypeDecl -class GenericTypeDecl extends GenericTypeDeclBase { } +class GenericTypeDecl extends Generated::GenericTypeDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/GenericTypeParamDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/GenericTypeParamDecl.qll index 3746c20dc2d..292f48fff13 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/GenericTypeParamDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/GenericTypeParamDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.GenericTypeParamDecl -class GenericTypeParamDecl extends GenericTypeParamDeclBase { } +class GenericTypeParamDecl extends Generated::GenericTypeParamDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/IfConfigDecl.qll index 6fe6302658c..d5f825c31f2 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/IfConfigDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.IfConfigDecl -class IfConfigDecl extends IfConfigDeclBase { +class IfConfigDecl extends Generated::IfConfigDecl { override string toString() { result = "#if ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ImportDecl.qll index db687ecfad8..08f5820f103 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ImportDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ImportDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.ImportDecl -class ImportDecl extends ImportDeclBase { +class ImportDecl extends Generated::ImportDecl { override string toString() { result = "import ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll index 5bbf9052ada..e6c761923a3 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.InfixOperatorDecl -class InfixOperatorDecl extends InfixOperatorDeclBase { } +class InfixOperatorDecl extends Generated::InfixOperatorDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll b/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll index 9b5a843933b..6848baecd51 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.IterableDeclContext -class IterableDeclContext extends IterableDeclContextBase { } +class IterableDeclContext extends Generated::IterableDeclContext { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/MissingMemberDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/MissingMemberDecl.qll index 438469db09a..9c69eff103c 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/MissingMemberDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/MissingMemberDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.MissingMemberDecl -class MissingMemberDecl extends MissingMemberDeclBase { } +class MissingMemberDecl extends Generated::MissingMemberDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ModuleDecl.qll index de44db5c958..bc01a6455a4 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ModuleDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ModuleDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ModuleDecl -class ModuleDecl extends ModuleDeclBase { } +class ModuleDecl extends Generated::ModuleDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll index c2d15066455..c05cac56367 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.NominalTypeDecl -class NominalTypeDecl extends NominalTypeDeclBase { } +class NominalTypeDecl extends Generated::NominalTypeDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll index 32fd223f247..1930b649fe7 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.OpaqueTypeDecl -class OpaqueTypeDecl extends OpaqueTypeDeclBase { } +class OpaqueTypeDecl extends Generated::OpaqueTypeDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/OperatorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/OperatorDecl.qll index 592cdf4fd50..b5e13c9f2ac 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/OperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/OperatorDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.OperatorDecl -class OperatorDecl extends OperatorDeclBase { +class OperatorDecl extends Generated::OperatorDecl { override string toString() { result = this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ParamDecl.qll index b0b48f98b36..93b749d9881 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ParamDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ParamDecl.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.decl.ParamDecl private import codeql.swift.elements.Callable -class ParamDecl extends ParamDeclBase { +class ParamDecl extends Generated::ParamDecl { /** Gets the function which declares this parameter. */ Callable getDeclaringFunction() { result.getAParam() = this } diff --git a/swift/ql/lib/codeql/swift/elements/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PatternBindingDecl.qll index 6bf9c021224..b8b04651684 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PatternBindingDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PatternBindingDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.PatternBindingDecl -class PatternBindingDecl extends PatternBindingDeclBase { +class PatternBindingDecl extends Generated::PatternBindingDecl { override string toString() { result = "var ... = ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/PostfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PostfixOperatorDecl.qll index a41c0358fa5..e4c19da54ef 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PostfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PostfixOperatorDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.PostfixOperatorDecl -class PostfixOperatorDecl extends PostfixOperatorDeclBase { } +class PostfixOperatorDecl extends Generated::PostfixOperatorDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/PoundDiagnosticDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PoundDiagnosticDecl.qll index e80a0770dac..a6e0f43a378 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PoundDiagnosticDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PoundDiagnosticDecl.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.decl.PoundDiagnosticDecl -class PoundDiagnosticDecl extends PoundDiagnosticDeclBase { +class PoundDiagnosticDecl extends Generated::PoundDiagnosticDecl { override string toString() { result = "#..." // TODO: Once we extract whether this is an error or a warning we can improve this. } diff --git a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll index b2e59fcb896..a3dfce6c510 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.decl.PrecedenceGroupDecl -class PrecedenceGroupDecl extends PrecedenceGroupDeclBase { +class PrecedenceGroupDecl extends Generated::PrecedenceGroupDecl { override string toString() { result = "precedencegroup ..." // TODO: Once we extract the name we can improve this. } diff --git a/swift/ql/lib/codeql/swift/elements/decl/PrefixOperatorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PrefixOperatorDecl.qll index ec64d3652e4..bd197eef454 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PrefixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PrefixOperatorDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.PrefixOperatorDecl -class PrefixOperatorDecl extends PrefixOperatorDeclBase { } +class PrefixOperatorDecl extends Generated::PrefixOperatorDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ProtocolDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ProtocolDecl.qll index 9fc5d10d8e1..b1154231bd9 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ProtocolDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ProtocolDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ProtocolDecl -class ProtocolDecl extends ProtocolDeclBase { } +class ProtocolDecl extends Generated::ProtocolDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/StructDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/StructDecl.qll index 71d55a033ee..c0428dd0a77 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/StructDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/StructDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.StructDecl -class StructDecl extends StructDeclBase { } +class StructDecl extends Generated::StructDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/SubscriptDecl.qll index 2da63cfb986..3cb0e844989 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/SubscriptDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/SubscriptDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.SubscriptDecl -class SubscriptDecl extends SubscriptDeclBase { +class SubscriptDecl extends Generated::SubscriptDecl { override string toString() { result = "subscript ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/TopLevelCodeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/TopLevelCodeDecl.qll index a84dfec4dc0..cf421c65b39 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/TopLevelCodeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/TopLevelCodeDecl.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.decl.TopLevelCodeDecl -class TopLevelCodeDecl extends TopLevelCodeDeclBase { +class TopLevelCodeDecl extends Generated::TopLevelCodeDecl { override string toString() { result = this.getBody().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/TypeAliasDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/TypeAliasDecl.qll index f3f761ebc57..015ee32349e 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/TypeAliasDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/TypeAliasDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.TypeAliasDecl -class TypeAliasDecl extends TypeAliasDeclBase { } +class TypeAliasDecl extends Generated::TypeAliasDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll index e1cbc88fb44..c54f1acdab6 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll @@ -1,9 +1,8 @@ private import codeql.swift.generated.decl.TypeDecl -private import codeql.swift.generated.type.Type private import codeql.swift.elements.type.AnyGenericType private import swift -class TypeDecl extends TypeDeclBase { +class TypeDecl extends Generated::TypeDecl { override string toString() { result = this.getName() } TypeDecl getBaseTypeDecl(int i) { result = this.getBaseType(i).(AnyGenericType).getDeclaration() } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ValueDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ValueDecl.qll index 6c964867110..4c3e6d83007 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ValueDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ValueDecl.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.ValueDecl -class ValueDecl extends ValueDeclBase { } +class ValueDecl extends Generated::ValueDecl { } diff --git a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll index b75ada67cda..baeb044a93d 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll @@ -2,7 +2,7 @@ private import codeql.swift.generated.decl.VarDecl private import codeql.swift.elements.expr.DeclRefExpr private import codeql.swift.elements.decl.IterableDeclContext -class VarDecl extends VarDeclBase { +class VarDecl extends Generated::VarDecl { override string toString() { result = this.getName() } DeclRefExpr getAnAccess() { result.getDecl() = this } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AbstractClosureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AbstractClosureExpr.qll index 29af35a1dda..72ab22a9053 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AbstractClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AbstractClosureExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.AbstractClosureExpr -class AbstractClosureExpr extends AbstractClosureExprBase { } +class AbstractClosureExpr extends Generated::AbstractClosureExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AnyHashableErasureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AnyHashableErasureExpr.qll index 8c636f0ddfe..b3f7c23c540 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AnyHashableErasureExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AnyHashableErasureExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.AnyHashableErasureExpr -class AnyHashableErasureExpr extends AnyHashableErasureExprBase { } +class AnyHashableErasureExpr extends Generated::AnyHashableErasureExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AnyTryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AnyTryExpr.qll index 701b8012012..7e60cfd359b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AnyTryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AnyTryExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.AnyTryExpr -class AnyTryExpr extends AnyTryExprBase { } +class AnyTryExpr extends Generated::AnyTryExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExpr.qll index bbc68573bf7..fb43d28d66a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.AppliedPropertyWrapperExpr -class AppliedPropertyWrapperExpr extends AppliedPropertyWrapperExprBase { } +class AppliedPropertyWrapperExpr extends Generated::AppliedPropertyWrapperExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll index 63053cec32f..14bc6302c2b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll @@ -4,7 +4,7 @@ private import codeql.swift.elements.expr.DeclRefExpr private import codeql.swift.elements.expr.MethodRefExpr private import codeql.swift.elements.expr.ConstructorRefCallExpr -class ApplyExpr extends ApplyExprBase { +class ApplyExpr extends Generated::ApplyExpr { AbstractFunctionDecl getStaticTarget() { exists(Expr f | f = this.getFunction() and diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExpr.qll index 5a74aafd452..3a2a162a2dd 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ArchetypeToSuperExpr -class ArchetypeToSuperExpr extends ArchetypeToSuperExprBase { } +class ArchetypeToSuperExpr extends Generated::ArchetypeToSuperExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/Argument.qll b/swift/ql/lib/codeql/swift/elements/expr/Argument.qll index bec912414a6..d95e410f081 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/Argument.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/Argument.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.expr.Argument private import codeql.swift.elements.expr.ApplyExpr -class Argument extends ArgumentBase { +class Argument extends Generated::Argument { override string toString() { result = this.getLabel() + ": " + this.getExpr().toString() } int getIndex() { any(ApplyExpr apply).getArgument(result) = this } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArrayExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ArrayExpr.qll index 8722a9ca601..1beef5e34b8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ArrayExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ArrayExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ArrayExpr -class ArrayExpr extends ArrayExprBase { +class ArrayExpr extends Generated::ArrayExpr { override string toString() { result = "[...]" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArrayToPointerExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ArrayToPointerExpr.qll index b0df78a308b..961f3c1cb16 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ArrayToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ArrayToPointerExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ArrayToPointerExpr -class ArrayToPointerExpr extends ArrayToPointerExprBase { } +class ArrayToPointerExpr extends Generated::ArrayToPointerExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll index 94ea8624d68..220aaa883c2 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ArrowExpr -class ArrowExpr extends ArrowExprBase { +class ArrowExpr extends Generated::ArrowExpr { override string toString() { result = "... -> ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AssignExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AssignExpr.qll index 4669306bea1..d3134d69813 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AssignExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AssignExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.AssignExpr -class AssignExpr extends AssignExprBase { +class AssignExpr extends Generated::AssignExpr { override string toString() { result = " ... = ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll index 8782a913cca..6098a1e04cc 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.expr.AutoClosureExpr private import codeql.swift.elements.stmt.ReturnStmt -class AutoClosureExpr extends AutoClosureExprBase { +class AutoClosureExpr extends Generated::AutoClosureExpr { /** Gets the implicit return statement generated by this autoclosure expression. */ ReturnStmt getReturn() { result = unique( | | this.getBody().getAnElement()) } diff --git a/swift/ql/lib/codeql/swift/elements/expr/AwaitExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AwaitExpr.qll index 378296432bc..9aed11c7803 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/AwaitExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/AwaitExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.AwaitExpr -class AwaitExpr extends AwaitExprBase { +class AwaitExpr extends Generated::AwaitExpr { override string toString() { result = "await ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll index 2ce90e38bb9..b75704bc1b1 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.expr.BinaryExpr private import codeql.swift.elements.expr.Expr -class BinaryExpr extends BinaryExprBase { +class BinaryExpr extends Generated::BinaryExpr { Expr getLeftOperand() { result = this.getArgument(0).getExpr() } Expr getRightOperand() { result = this.getArgument(1).getExpr() } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BindOptionalExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BindOptionalExpr.qll index bcf3252ea17..44a82c661ed 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BindOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BindOptionalExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.BindOptionalExpr -class BindOptionalExpr extends BindOptionalExprBase { +class BindOptionalExpr extends Generated::BindOptionalExpr { override string toString() { result = "...?" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BooleanLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BooleanLiteralExpr.qll index 7f013a801dc..9b15e46f42c 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BooleanLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BooleanLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.BooleanLiteralExpr -class BooleanLiteralExpr extends BooleanLiteralExprBase { +class BooleanLiteralExpr extends Generated::BooleanLiteralExpr { override string toString() { result = this.getValue().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BridgeFromObjCExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BridgeFromObjCExpr.qll index 722d3ff1e38..7bf7f3ce503 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BridgeFromObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BridgeFromObjCExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.BridgeFromObjCExpr -class BridgeFromObjCExpr extends BridgeFromObjCExprBase { } +class BridgeFromObjCExpr extends Generated::BridgeFromObjCExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BridgeToObjCExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BridgeToObjCExpr.qll index c9b1c7d7490..c602505b34e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BridgeToObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BridgeToObjCExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.BridgeToObjCExpr -class BridgeToObjCExpr extends BridgeToObjCExprBase { } +class BridgeToObjCExpr extends Generated::BridgeToObjCExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/BuiltinLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BuiltinLiteralExpr.qll index f1acd68338f..25831d5b7fa 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/BuiltinLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/BuiltinLiteralExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.BuiltinLiteralExpr -class BuiltinLiteralExpr extends BuiltinLiteralExprBase { } +class BuiltinLiteralExpr extends Generated::BuiltinLiteralExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CallExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CallExpr.qll index 224cd62b547..3e6a7ebaff2 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CallExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CallExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CallExpr -class CallExpr extends CallExprBase { } +class CallExpr extends Generated::CallExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CaptureListExpr.qll index c0fe030390d..430ba96fd4f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CaptureListExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CaptureListExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.CaptureListExpr -class CaptureListExpr extends CaptureListExprBase { +class CaptureListExpr extends Generated::CaptureListExpr { override string toString() { result = this.getClosureBody().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CheckedCastExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CheckedCastExpr.qll index 76805e2fb23..8eabaed6c60 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CheckedCastExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CheckedCastExpr -class CheckedCastExpr extends CheckedCastExprBase { } +class CheckedCastExpr extends Generated::CheckedCastExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExpr.qll index b4e5a62cdaf..9c4dc673dc8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ClassMetatypeToObjectExpr -class ClassMetatypeToObjectExpr extends ClassMetatypeToObjectExprBase { } +class ClassMetatypeToObjectExpr extends Generated::ClassMetatypeToObjectExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ClosureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ClosureExpr.qll index 093deb19577..4b542d9f38d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ClosureExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ClosureExpr -class ClosureExpr extends ClosureExprBase { +class ClosureExpr extends Generated::ClosureExpr { override string toString() { result = "{ ... }" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CodeCompletionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CodeCompletionExpr.qll index ea630f2e7c2..7de9321abb7 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CodeCompletionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CodeCompletionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CodeCompletionExpr -class CodeCompletionExpr extends CodeCompletionExprBase { } +class CodeCompletionExpr extends Generated::CodeCompletionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CoerceExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CoerceExpr.qll index 2c89155dc56..ad364696d0e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CoerceExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CoerceExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CoerceExpr -class CoerceExpr extends CoerceExprBase { } +class CoerceExpr extends Generated::CoerceExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CollectionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CollectionExpr.qll index bff536a3cc6..d2fa50b6a0a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CollectionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CollectionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CollectionExpr -class CollectionExpr extends CollectionExprBase { } +class CollectionExpr extends Generated::CollectionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExpr.qll index cb7fb9d69b4..cce01e89304 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CollectionUpcastConversionExpr -class CollectionUpcastConversionExpr extends CollectionUpcastConversionExprBase { } +class CollectionUpcastConversionExpr extends Generated::CollectionUpcastConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExpr.qll index c25484bcd46..35fc33ddaf8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ConditionalBridgeFromObjCExpr -class ConditionalBridgeFromObjCExpr extends ConditionalBridgeFromObjCExprBase { } +class ConditionalBridgeFromObjCExpr extends Generated::ConditionalBridgeFromObjCExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExpr.qll index cec79ca2dc7..42f7aed5036 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ConditionalCheckedCastExpr -class ConditionalCheckedCastExpr extends ConditionalCheckedCastExprBase { } +class ConditionalCheckedCastExpr extends Generated::ConditionalCheckedCastExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ConstructorRefCallExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ConstructorRefCallExpr.qll index 8b52c13ac1e..206d61b062e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ConstructorRefCallExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ConstructorRefCallExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ConstructorRefCallExpr -class ConstructorRefCallExpr extends ConstructorRefCallExprBase { } +class ConstructorRefCallExpr extends Generated::ConstructorRefCallExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExpr.qll index 7ca8118eb61..0f9f94f2563 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CovariantFunctionConversionExpr -class CovariantFunctionConversionExpr extends CovariantFunctionConversionExprBase { } +class CovariantFunctionConversionExpr extends Generated::CovariantFunctionConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExpr.qll index 6c8fe13e1c8..32a4cbbe751 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.CovariantReturnConversionExpr -class CovariantReturnConversionExpr extends CovariantReturnConversionExprBase { } +class CovariantReturnConversionExpr extends Generated::CovariantReturnConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DeclRefExpr.qll index 3e9ebb8d589..948fec77aef 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DeclRefExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DeclRefExpr -class DeclRefExpr extends DeclRefExprBase { +class DeclRefExpr extends Generated::DeclRefExpr { override string toString() { result = this.getDecl().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DefaultArgumentExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DefaultArgumentExpr.qll index c61d2680d74..452beb072c1 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DefaultArgumentExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DefaultArgumentExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DefaultArgumentExpr -class DefaultArgumentExpr extends DefaultArgumentExprBase { +class DefaultArgumentExpr extends Generated::DefaultArgumentExpr { override string toString() { result = "default " + this.getParamDecl().getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DerivedToBaseExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DerivedToBaseExpr.qll index f0052dece5e..9612cd1e9b6 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DerivedToBaseExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DerivedToBaseExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.DerivedToBaseExpr -class DerivedToBaseExpr extends DerivedToBaseExprBase { } +class DerivedToBaseExpr extends Generated::DerivedToBaseExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DestructureTupleExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DestructureTupleExpr.qll index 6c657d34097..3ca219d1f8b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DestructureTupleExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DestructureTupleExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.DestructureTupleExpr -class DestructureTupleExpr extends DestructureTupleExprBase { } +class DestructureTupleExpr extends Generated::DestructureTupleExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DictionaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DictionaryExpr.qll index 6f4edce8e45..4e98d5ac3fa 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DictionaryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DictionaryExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DictionaryExpr -class DictionaryExpr extends DictionaryExprBase { +class DictionaryExpr extends Generated::DictionaryExpr { override string toString() { result = "[...]" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExpr.qll index de90a9cfe93..efbbc2aad72 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.DifferentiableFunctionExpr -class DifferentiableFunctionExpr extends DifferentiableFunctionExprBase { } +class DifferentiableFunctionExpr extends Generated::DifferentiableFunctionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExtractOriginalExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExtractOriginalExpr.qll index 964c2438e6e..b4b51d16d82 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExtractOriginalExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExtractOriginalExpr.qll @@ -1,4 +1,4 @@ private import codeql.swift.generated.expr.DifferentiableFunctionExtractOriginalExpr -class DifferentiableFunctionExtractOriginalExpr extends DifferentiableFunctionExtractOriginalExprBase { +class DifferentiableFunctionExtractOriginalExpr extends Generated::DifferentiableFunctionExtractOriginalExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DiscardAssignmentExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DiscardAssignmentExpr.qll index a31c6167bb6..1a8bd47e69d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DiscardAssignmentExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DiscardAssignmentExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DiscardAssignmentExpr -class DiscardAssignmentExpr extends DiscardAssignmentExprBase { +class DiscardAssignmentExpr extends Generated::DiscardAssignmentExpr { override string toString() { result = "_" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DotSelfExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DotSelfExpr.qll index a82f55cc422..378672d9b8f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DotSelfExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DotSelfExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DotSelfExpr -class DotSelfExpr extends DotSelfExprBase { +class DotSelfExpr extends Generated::DotSelfExpr { override string toString() { result = ".self" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxBaseIgnoredExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxBaseIgnoredExpr.qll index 919bf1bfea1..465247c5a77 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxBaseIgnoredExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxBaseIgnoredExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DotSyntaxBaseIgnoredExpr -class DotSyntaxBaseIgnoredExpr extends DotSyntaxBaseIgnoredExprBase { +class DotSyntaxBaseIgnoredExpr extends Generated::DotSyntaxBaseIgnoredExpr { override string toString() { result = "." + this.getSubExpr().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxCallExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxCallExpr.qll index b7052e3aeec..8e8fbc4b363 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxCallExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DotSyntaxCallExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.DotSyntaxCallExpr -class DotSyntaxCallExpr extends DotSyntaxCallExprBase { } +class DotSyntaxCallExpr extends Generated::DotSyntaxCallExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DynamicLookupExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DynamicLookupExpr.qll index da1cff8ab2c..794661fe42d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DynamicLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DynamicLookupExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.DynamicLookupExpr -class DynamicLookupExpr extends DynamicLookupExprBase { } +class DynamicLookupExpr extends Generated::DynamicLookupExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DynamicMemberRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DynamicMemberRefExpr.qll index 757bc196e4d..2de645bc4e2 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DynamicMemberRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DynamicMemberRefExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DynamicMemberRefExpr -class DynamicMemberRefExpr extends DynamicMemberRefExprBase { +class DynamicMemberRefExpr extends Generated::DynamicMemberRefExpr { override string toString() { result = "." + this.getMember().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DynamicSubscriptExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DynamicSubscriptExpr.qll index 5114a6a4ebc..e054e54f17f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DynamicSubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DynamicSubscriptExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DynamicSubscriptExpr -class DynamicSubscriptExpr extends DynamicSubscriptExprBase { +class DynamicSubscriptExpr extends Generated::DynamicSubscriptExpr { override string toString() { result = this.getMember().toString() + "[...]" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/DynamicTypeExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/DynamicTypeExpr.qll index 3af1f67b7bb..27f2bf48927 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/DynamicTypeExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/DynamicTypeExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.DynamicTypeExpr -class DynamicTypeExpr extends DynamicTypeExprBase { +class DynamicTypeExpr extends Generated::DynamicTypeExpr { override string toString() { result = "type(of: ...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/EditorPlaceholderExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/EditorPlaceholderExpr.qll index 4598810896c..92424e41fcf 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/EditorPlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/EditorPlaceholderExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.EditorPlaceholderExpr -class EditorPlaceholderExpr extends EditorPlaceholderExprBase { } +class EditorPlaceholderExpr extends Generated::EditorPlaceholderExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/EnumIsCaseExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/EnumIsCaseExpr.qll index 450fd199e49..ae1ea5a0b3d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/EnumIsCaseExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/EnumIsCaseExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.EnumIsCaseExpr -class EnumIsCaseExpr extends EnumIsCaseExprBase { +class EnumIsCaseExpr extends Generated::EnumIsCaseExpr { override string toString() { result = "... is " + this.getElement().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ErasureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ErasureExpr.qll index 2067736182d..d5573a508a8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ErasureExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ErasureExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ErasureExpr -class ErasureExpr extends ErasureExprBase { } +class ErasureExpr extends Generated::ErasureExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ErrorExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ErrorExpr.qll index 294bf668755..8eeffef6e4b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ErrorExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ErrorExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ErrorExpr -class ErrorExpr extends ErrorExprBase { } +class ErrorExpr extends Generated::ErrorExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExpr.qll index 04e052ce2b5..7272a0ab319 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ExistentialMetatypeToObjectExpr -class ExistentialMetatypeToObjectExpr extends ExistentialMetatypeToObjectExprBase { } +class ExistentialMetatypeToObjectExpr extends Generated::ExistentialMetatypeToObjectExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ExplicitCastExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ExplicitCastExpr.qll index 16bc95f459b..ff608b58ba9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ExplicitCastExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ExplicitCastExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.ExplicitCastExpr -class ExplicitCastExpr extends ExplicitCastExprBase { +class ExplicitCastExpr extends Generated::ExplicitCastExpr { override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } override string toString() { result = "(" + this.getType() + ") ..." } diff --git a/swift/ql/lib/codeql/swift/elements/expr/Expr.qll b/swift/ql/lib/codeql/swift/elements/expr/Expr.qll index 994e1c56a64..c513c4107b5 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/Expr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.Expr -class Expr extends ExprBase { +class Expr extends Generated::Expr { final override Expr getResolveStep() { this.convertsFrom(result) } predicate convertsFrom(Expr e) { none() } // overridden by subclasses diff --git a/swift/ql/lib/codeql/swift/elements/expr/FloatLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/FloatLiteralExpr.qll index 5a40548d1fc..431be189b8f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/FloatLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/FloatLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.FloatLiteralExpr -class FloatLiteralExpr extends FloatLiteralExprBase { +class FloatLiteralExpr extends Generated::FloatLiteralExpr { override string toString() { result = this.getStringValue() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ForceTryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ForceTryExpr.qll index 90a1d4f82b6..36e3a395d09 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ForceTryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ForceTryExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ForceTryExpr -class ForceTryExpr extends ForceTryExprBase { +class ForceTryExpr extends Generated::ForceTryExpr { override string toString() { result = "try! ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ForceValueExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ForceValueExpr.qll index bdb0645226b..c54455ce7b7 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ForceValueExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ForceValueExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ForceValueExpr -class ForceValueExpr extends ForceValueExprBase { +class ForceValueExpr extends Generated::ForceValueExpr { override string toString() { result = "...!" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExpr.qll index 2d8c443aeb4..a9fe81d7802 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ForcedCheckedCastExpr -class ForcedCheckedCastExpr extends ForcedCheckedCastExprBase { } +class ForcedCheckedCastExpr extends Generated::ForcedCheckedCastExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExpr.qll index 953f833ef61..ae8b59cf2ee 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ForeignObjectConversionExpr -class ForeignObjectConversionExpr extends ForeignObjectConversionExprBase { } +class ForeignObjectConversionExpr extends Generated::ForeignObjectConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/FunctionConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/FunctionConversionExpr.qll index bf5add5d2cc..209b2ad1355 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/FunctionConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/FunctionConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.FunctionConversionExpr -class FunctionConversionExpr extends FunctionConversionExprBase { } +class FunctionConversionExpr extends Generated::FunctionConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll index 4f5b8cc2053..e8d431731ff 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.IdentityExpr -class IdentityExpr extends IdentityExprBase { +class IdentityExpr extends Generated::IdentityExpr { override predicate convertsFrom(Expr e) { e = getImmediateSubExpr() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/IfExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/IfExpr.qll index 10a8a098180..3afcc992089 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/IfExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/IfExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.IfExpr -class IfExpr extends IfExprBase { +class IfExpr extends Generated::IfExpr { Expr getBranch(boolean b) { b = true and result = this.getThenExpr() diff --git a/swift/ql/lib/codeql/swift/elements/expr/ImplicitConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ImplicitConversionExpr.qll index a7d532ccada..37138ed3724 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ImplicitConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ImplicitConversionExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.ImplicitConversionExpr -class ImplicitConversionExpr extends ImplicitConversionExprBase { +class ImplicitConversionExpr extends Generated::ImplicitConversionExpr { override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } override string toString() { result = "(" + this.getType().toString() + ") ..." } diff --git a/swift/ql/lib/codeql/swift/elements/expr/InOutExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InOutExpr.qll index f1e40ed36fe..0b7fed74a3f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InOutExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InOutExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.InOutExpr -class InOutExpr extends InOutExprBase { +class InOutExpr extends Generated::InOutExpr { override string toString() { result = "&..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/InOutToPointerExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InOutToPointerExpr.qll index a7f6a1c1a4e..51315f873a9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InOutToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InOutToPointerExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.InOutToPointerExpr -class InOutToPointerExpr extends InOutToPointerExprBase { } +class InOutToPointerExpr extends Generated::InOutToPointerExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExpr.qll index 9473862e519..19cd9275582 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.InjectIntoOptionalExpr -class InjectIntoOptionalExpr extends InjectIntoOptionalExprBase { } +class InjectIntoOptionalExpr extends Generated::InjectIntoOptionalExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/IntegerLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/IntegerLiteralExpr.qll index 87e7bdffae2..7289214a61b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/IntegerLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/IntegerLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.IntegerLiteralExpr -class IntegerLiteralExpr extends IntegerLiteralExprBase { +class IntegerLiteralExpr extends Generated::IntegerLiteralExpr { override string toString() { result = this.getStringValue() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/InterpolatedStringLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InterpolatedStringLiteralExpr.qll index 599d780357f..f21b4492e8e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InterpolatedStringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InterpolatedStringLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.InterpolatedStringLiteralExpr -class InterpolatedStringLiteralExpr extends InterpolatedStringLiteralExprBase { +class InterpolatedStringLiteralExpr extends Generated::InterpolatedStringLiteralExpr { override string toString() { result = "\"...\"" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/IsExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/IsExpr.qll index d87fc7fe05a..8eae10827e2 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/IsExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/IsExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.IsExpr -class IsExpr extends IsExprBase { +class IsExpr extends Generated::IsExpr { override string toString() { result = "... is ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/KeyPathApplicationExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/KeyPathApplicationExpr.qll index 80c0f1d5678..1f996cf1e7d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/KeyPathApplicationExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/KeyPathApplicationExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.KeyPathApplicationExpr -class KeyPathApplicationExpr extends KeyPathApplicationExprBase { +class KeyPathApplicationExpr extends Generated::KeyPathApplicationExpr { override string toString() { result = "\\...[...]" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/KeyPathDotExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/KeyPathDotExpr.qll index 18bd4ee4186..535d393e057 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/KeyPathDotExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/KeyPathDotExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.KeyPathDotExpr -class KeyPathDotExpr extends KeyPathDotExprBase { +class KeyPathDotExpr extends Generated::KeyPathDotExpr { override string toString() { result = "\\...." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/KeyPathExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/KeyPathExpr.qll index 4869ac44bde..214db59851c 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/KeyPathExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/KeyPathExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.KeyPathExpr -class KeyPathExpr extends KeyPathExprBase { +class KeyPathExpr extends Generated::KeyPathExpr { override string toString() { result = "#keyPath(...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LazyInitializerExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LazyInitializerExpr.qll index 9564ece75e3..31622166944 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LazyInitializerExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LazyInitializerExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.LazyInitializerExpr -class LazyInitializerExpr extends LazyInitializerExprBase { +class LazyInitializerExpr extends Generated::LazyInitializerExpr { override string toString() { result = this.getSubExpr().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExpr.qll index 77175f78843..33bbb8b4baa 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LinearFunctionExpr -class LinearFunctionExpr extends LinearFunctionExprBase { } +class LinearFunctionExpr extends Generated::LinearFunctionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExpr.qll index 00173706dff..98945035f8d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LinearFunctionExtractOriginalExpr -class LinearFunctionExtractOriginalExpr extends LinearFunctionExtractOriginalExprBase { } +class LinearFunctionExtractOriginalExpr extends Generated::LinearFunctionExtractOriginalExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExpr.qll index 8db032afbbd..c593605fb71 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LinearToDifferentiableFunctionExpr -class LinearToDifferentiableFunctionExpr extends LinearToDifferentiableFunctionExprBase { } +class LinearToDifferentiableFunctionExpr extends Generated::LinearToDifferentiableFunctionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LiteralExpr.qll index def5c1d6a0e..7aeca19c41b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LiteralExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LiteralExpr -class LiteralExpr extends LiteralExprBase { } +class LiteralExpr extends Generated::LiteralExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LoadExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LoadExpr.qll index 14e08725b1e..0c12f8fbe23 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LoadExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LoadExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LoadExpr -class LoadExpr extends LoadExprBase { } +class LoadExpr extends Generated::LoadExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/LookupExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/LookupExpr.qll index 65f508fe7c5..70d65277439 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/LookupExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/LookupExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.LookupExpr -class LookupExpr extends LookupExprBase { } +class LookupExpr extends Generated::LookupExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MagicIdentifierLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MagicIdentifierLiteralExpr.qll index fd435f47dce..3d8014a2540 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MagicIdentifierLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MagicIdentifierLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.MagicIdentifierLiteralExpr -class MagicIdentifierLiteralExpr extends MagicIdentifierLiteralExprBase { +class MagicIdentifierLiteralExpr extends Generated::MagicIdentifierLiteralExpr { override string toString() { result = "#..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MakeTemporarilyEscapableExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MakeTemporarilyEscapableExpr.qll index 342a799e1c9..a38e5b3ad29 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MakeTemporarilyEscapableExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MakeTemporarilyEscapableExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.MakeTemporarilyEscapableExpr -class MakeTemporarilyEscapableExpr extends MakeTemporarilyEscapableExprBase { +class MakeTemporarilyEscapableExpr extends Generated::MakeTemporarilyEscapableExpr { override string toString() { result = this.getSubExpr().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MemberRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MemberRefExpr.qll index fa56b0b8fba..acbe3cb943c 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MemberRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MemberRefExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.MemberRefExpr -class MemberRefExpr extends MemberRefExprBase { +class MemberRefExpr extends Generated::MemberRefExpr { override string toString() { result = "." + this.getMember().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MetatypeConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MetatypeConversionExpr.qll index d92172286a0..ca4a608370d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MetatypeConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MetatypeConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.MetatypeConversionExpr -class MetatypeConversionExpr extends MetatypeConversionExprBase { } +class MetatypeConversionExpr extends Generated::MetatypeConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MethodRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MethodRefExpr.qll index 4b44e05b415..8fd6eb32098 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MethodRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MethodRefExpr.qll @@ -5,7 +5,7 @@ private import codeql.swift.elements.decl.AbstractFunctionDecl private import codeql.swift.generated.Raw private import codeql.swift.generated.Synth -class MethodRefExpr extends MethodRefExprBase { +class MethodRefExpr extends Generated::MethodRefExpr { override string toString() { result = "." + this.getMember().toString() } override Expr getImmediateBase() { diff --git a/swift/ql/lib/codeql/swift/elements/expr/NilLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/NilLiteralExpr.qll index a2e2281888f..6f264279f1e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/NilLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/NilLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.NilLiteralExpr -class NilLiteralExpr extends NilLiteralExprBase { +class NilLiteralExpr extends Generated::NilLiteralExpr { override string toString() { result = "nil" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/NumberLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/NumberLiteralExpr.qll index ca2171b2cac..2eae7fe3907 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/NumberLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/NumberLiteralExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.NumberLiteralExpr -class NumberLiteralExpr extends NumberLiteralExprBase { } +class NumberLiteralExpr extends Generated::NumberLiteralExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ObjCSelectorExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ObjCSelectorExpr.qll index 45ccb04ee55..f57555858da 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ObjCSelectorExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ObjCSelectorExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ObjCSelectorExpr -class ObjCSelectorExpr extends ObjCSelectorExprBase { +class ObjCSelectorExpr extends Generated::ObjCSelectorExpr { override string toString() { result = "#selector(...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ObjectLiteralExpr.qll index 61e2408c79c..16adb0d7086 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ObjectLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ObjectLiteralExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.ObjectLiteralExpr -class ObjectLiteralExpr extends ObjectLiteralExprBase { +class ObjectLiteralExpr extends Generated::ObjectLiteralExpr { override string toString() { result = "#...(...)" // TOOD: We can improve this once we extract the kind } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OneWayExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OneWayExpr.qll index 34d507570df..27efdd4d402 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OneWayExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OneWayExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.OneWayExpr -class OneWayExpr extends OneWayExprBase { +class OneWayExpr extends Generated::OneWayExpr { override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } override string toString() { result = this.getSubExpr().toString() } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OpaqueValueExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OpaqueValueExpr.qll index 699113fa3c7..4aa8f41679f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OpaqueValueExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OpaqueValueExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.OpaqueValueExpr -class OpaqueValueExpr extends OpaqueValueExprBase { } +class OpaqueValueExpr extends Generated::OpaqueValueExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OpenExistentialExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OpenExistentialExpr.qll index 7beaa9c602b..b665ede6cdb 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OpenExistentialExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OpenExistentialExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.OpenExistentialExpr -class OpenExistentialExpr extends OpenExistentialExprBase { } +class OpenExistentialExpr extends Generated::OpenExistentialExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OptionalEvaluationExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OptionalEvaluationExpr.qll index 67e06f809b9..1b70a92c300 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OptionalEvaluationExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OptionalEvaluationExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.OptionalEvaluationExpr -class OptionalEvaluationExpr extends OptionalEvaluationExprBase { } +class OptionalEvaluationExpr extends Generated::OptionalEvaluationExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OptionalTryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OptionalTryExpr.qll index eb643b70079..98388c78858 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OptionalTryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OptionalTryExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.OptionalTryExpr -class OptionalTryExpr extends OptionalTryExprBase { +class OptionalTryExpr extends Generated::OptionalTryExpr { override string toString() { result = "try? ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OtherConstructorDeclRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OtherConstructorDeclRefExpr.qll index b8498e4fa8d..b8fcee3f8d0 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OtherConstructorDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OtherConstructorDeclRefExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.OtherConstructorDeclRefExpr -class OtherConstructorDeclRefExpr extends OtherConstructorDeclRefExprBase { +class OtherConstructorDeclRefExpr extends Generated::OtherConstructorDeclRefExpr { override string toString() { result = this.getConstructorDecl().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OverloadSetRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OverloadSetRefExpr.qll index 0a4818b6da8..4ca53d89473 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OverloadSetRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OverloadSetRefExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.OverloadSetRefExpr -class OverloadSetRefExpr extends OverloadSetRefExprBase { } +class OverloadSetRefExpr extends Generated::OverloadSetRefExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll index 2066218ec98..47172c6ff00 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.OverloadedDeclRefExpr -class OverloadedDeclRefExpr extends OverloadedDeclRefExprBase { } +class OverloadedDeclRefExpr extends Generated::OverloadedDeclRefExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/PackExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PackExpr.qll index df071095960..444bf3298bb 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/PackExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/PackExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.PackExpr -class PackExpr extends PackExprBase { } +class PackExpr extends Generated::PackExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ParenExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ParenExpr.qll index 763a7106b98..072f47dd1bd 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ParenExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ParenExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.ParenExpr -class ParenExpr extends ParenExprBase { +class ParenExpr extends Generated::ParenExpr { override string toString() { result = "(...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll index 929cd71c8c1..a10468970fc 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.PointerToPointerExpr -class PointerToPointerExpr extends PointerToPointerExprBase { } +class PointerToPointerExpr extends Generated::PointerToPointerExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll index 062ddd9d30f..46742454650 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.PostfixUnaryExpr -class PostfixUnaryExpr extends PostfixUnaryExprBase { } +class PostfixUnaryExpr extends Generated::PostfixUnaryExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll index 3fc6c822adf..b9a1ecd4ee9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.PrefixUnaryExpr private import codeql.swift.elements.expr.Expr -class PrefixUnaryExpr extends PrefixUnaryExprBase { +class PrefixUnaryExpr extends Generated::PrefixUnaryExpr { Expr getOperand() { result = this.getAnArgument().getExpr() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExpr.qll index 19e2dc67199..b8499d8b5a9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.PropertyWrapperValuePlaceholderExpr -class PropertyWrapperValuePlaceholderExpr extends PropertyWrapperValuePlaceholderExprBase { } +class PropertyWrapperValuePlaceholderExpr extends Generated::PropertyWrapperValuePlaceholderExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExpr.qll index 7e29233190c..d16cb8bf562 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ProtocolMetatypeToObjectExpr -class ProtocolMetatypeToObjectExpr extends ProtocolMetatypeToObjectExprBase { } +class ProtocolMetatypeToObjectExpr extends Generated::ProtocolMetatypeToObjectExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/RebindSelfInConstructorExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/RebindSelfInConstructorExpr.qll index 8f42cf72c9e..17eefdac6c4 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/RebindSelfInConstructorExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/RebindSelfInConstructorExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.RebindSelfInConstructorExpr -class RebindSelfInConstructorExpr extends RebindSelfInConstructorExprBase { +class RebindSelfInConstructorExpr extends Generated::RebindSelfInConstructorExpr { override string toString() { result = "self = ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/RegexLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/RegexLiteralExpr.qll index dcb91129ca7..6976310f6f3 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/RegexLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/RegexLiteralExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.RegexLiteralExpr -class RegexLiteralExpr extends RegexLiteralExprBase { +class RegexLiteralExpr extends Generated::RegexLiteralExpr { override string toString() { result = "..." // TODO: We can improve this once we extract the regex } diff --git a/swift/ql/lib/codeql/swift/elements/expr/ReifyPackExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ReifyPackExpr.qll index 8b9b4fcb64f..83d2c573fc9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/ReifyPackExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/ReifyPackExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.ReifyPackExpr -class ReifyPackExpr extends ReifyPackExprBase { } +class ReifyPackExpr extends Generated::ReifyPackExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/SelfApplyExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SelfApplyExpr.qll index dda4557a8ca..2521780e74d 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/SelfApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/SelfApplyExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.SelfApplyExpr -class SelfApplyExpr extends SelfApplyExprBase { } +class SelfApplyExpr extends Generated::SelfApplyExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/SequenceExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SequenceExpr.qll index eb72faeab26..970d3e3a200 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/SequenceExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/SequenceExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.SequenceExpr -class SequenceExpr extends SequenceExprBase { } +class SequenceExpr extends Generated::SequenceExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/StringLiteralExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/StringLiteralExpr.qll index 23b5dbab7bd..288eae6ea63 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/StringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/StringLiteralExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.StringLiteralExpr -class StringLiteralExpr extends StringLiteralExprBase { +class StringLiteralExpr extends Generated::StringLiteralExpr { override string toString() { result = this.getValue() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/StringToPointerExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/StringToPointerExpr.qll index 04b21548988..5f9c74e4dc9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/StringToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/StringToPointerExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.StringToPointerExpr -class StringToPointerExpr extends StringToPointerExprBase { } +class StringToPointerExpr extends Generated::StringToPointerExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SubscriptExpr.qll index 4d681e189de..143e18523f8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/SubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/SubscriptExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.SubscriptExpr -class SubscriptExpr extends SubscriptExprBase { +class SubscriptExpr extends Generated::SubscriptExpr { Argument getFirstArgument() { exists(int i | result = this.getArgument(i) and diff --git a/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll index 2a2def26a84..401acca9945 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.SuperRefExpr -class SuperRefExpr extends SuperRefExprBase { +class SuperRefExpr extends Generated::SuperRefExpr { override string toString() { result = "super" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TapExpr.qll index e200b613823..9dc8f0a44a4 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TapExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TapExpr.qll @@ -8,4 +8,4 @@ private import codeql.swift.generated.expr.TapExpr * 2. Execute `e.getBody()` which potentially modifies the local variable. * 3. Return the value of the local variable. */ -class TapExpr extends TapExprBase { } +class TapExpr extends Generated::TapExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TryExpr.qll index 76a23bb2a7b..88f3955ba45 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TryExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TryExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.TryExpr -class TryExpr extends TryExprBase { +class TryExpr extends Generated::TryExpr { override string toString() { result = "try ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll index f021deae540..cb6dbc5d7c4 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.TupleElementExpr -class TupleElementExpr extends TupleElementExprBase { +class TupleElementExpr extends Generated::TupleElementExpr { override string toString() { result = "." + this.getIndex() // TODO: Can be improved once we extract the name } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TupleExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TupleExpr.qll index c8465638645..0431ad5eb58 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TupleExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TupleExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.TupleExpr -class TupleExpr extends TupleExprBase { +class TupleExpr extends Generated::TupleExpr { override string toString() { result = "(...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TypeExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TypeExpr.qll index ad9077a4c25..1930c055f1c 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TypeExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TypeExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.TypeExpr -class TypeExpr extends TypeExprBase { +class TypeExpr extends Generated::TypeExpr { override string toString() { result = this.getType().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExpr.qll index 24a5365e1fb..18208c04bdf 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnderlyingToOpaqueExpr -class UnderlyingToOpaqueExpr extends UnderlyingToOpaqueExprBase { } +class UnderlyingToOpaqueExpr extends Generated::UnderlyingToOpaqueExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExpr.qll index 25beeb6bf22..35949e24102 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnevaluatedInstanceExpr -class UnevaluatedInstanceExpr extends UnevaluatedInstanceExprBase { } +class UnevaluatedInstanceExpr extends Generated::UnevaluatedInstanceExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll index 3cbe55fe9a6..c82a4f92248 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.expr.UnresolvedDeclRefExpr -class UnresolvedDeclRefExpr extends UnresolvedDeclRefExprBase { +class UnresolvedDeclRefExpr extends Generated::UnresolvedDeclRefExpr { override string toString() { result = getName() + " (unresolved)" or diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll index 315a4d42231..7c0fefc3ba9 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.UnresolvedDotExpr -class UnresolvedDotExpr extends UnresolvedDotExprBase { +class UnresolvedDotExpr extends Generated::UnresolvedDotExpr { override string toString() { result = "... ." + getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExpr.qll index 9632eb15408..88238ecdc25 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnresolvedMemberChainResultExpr -class UnresolvedMemberChainResultExpr extends UnresolvedMemberChainResultExprBase { } +class UnresolvedMemberChainResultExpr extends Generated::UnresolvedMemberChainResultExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberExpr.qll index 9e8ef3e6379..835496fc5be 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedMemberExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnresolvedMemberExpr -class UnresolvedMemberExpr extends UnresolvedMemberExprBase { } +class UnresolvedMemberExpr extends Generated::UnresolvedMemberExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedPatternExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedPatternExpr.qll index adee187b3d7..96c93e0737a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedPatternExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedPatternExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnresolvedPatternExpr -class UnresolvedPatternExpr extends UnresolvedPatternExprBase { } +class UnresolvedPatternExpr extends Generated::UnresolvedPatternExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExpr.qll index 0971f55a0d9..58b7c4afc45 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnresolvedSpecializeExpr -class UnresolvedSpecializeExpr extends UnresolvedSpecializeExprBase { } +class UnresolvedSpecializeExpr extends Generated::UnresolvedSpecializeExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExpr.qll index 694d83c0543..d7b326f4479 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExpr.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.expr.UnresolvedTypeConversionExpr -class UnresolvedTypeConversionExpr extends UnresolvedTypeConversionExprBase { } +class UnresolvedTypeConversionExpr extends Generated::UnresolvedTypeConversionExpr { } diff --git a/swift/ql/lib/codeql/swift/elements/expr/VarargExpansionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/VarargExpansionExpr.qll index 200c8735f07..2547237c1e8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/VarargExpansionExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/VarargExpansionExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.VarargExpansionExpr -class VarargExpansionExpr extends VarargExpansionExprBase { +class VarargExpansionExpr extends Generated::VarargExpansionExpr { override string toString() { result = this.getSubExpr().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/AnyPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/AnyPattern.qll index f2f62d42906..0f57e9c7f83 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/AnyPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/AnyPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.AnyPattern -class AnyPattern extends AnyPatternBase { +class AnyPattern extends Generated::AnyPattern { override string toString() { result = "_" } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll index ef081d052c6..b8422f49dfb 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.BindingPattern -class BindingPattern extends BindingPatternBase { +class BindingPattern extends Generated::BindingPattern { override string toString() { result = "let ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/BoolPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/BoolPattern.qll index 5fa2ec249a8..bbe3e57291f 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/BoolPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/BoolPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.BoolPattern -class BoolPattern extends BoolPatternBase { +class BoolPattern extends Generated::BoolPattern { override string toString() { result = this.getValue().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/EnumElementPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/EnumElementPattern.qll index 0244bce6cd3..b7d97a03a53 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/EnumElementPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/EnumElementPattern.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.pattern.EnumElementPattern -class EnumElementPattern extends EnumElementPatternBase { +class EnumElementPattern extends Generated::EnumElementPattern { override string toString() { if this.hasSubPattern() then result = "." + this.getElement().toString() + "(...)" diff --git a/swift/ql/lib/codeql/swift/elements/pattern/ExprPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/ExprPattern.qll index 97b14263e06..16e0d3f024b 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/ExprPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/ExprPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.ExprPattern -class ExprPattern extends ExprPatternBase { +class ExprPattern extends Generated::ExprPattern { override string toString() { result = "=~ ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/IsPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/IsPattern.qll index b1a9594c927..c594952d83f 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/IsPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/IsPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.IsPattern -class IsPattern extends IsPatternBase { +class IsPattern extends Generated::IsPattern { override string toString() { result = "... is ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/NamedPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/NamedPattern.qll index 7f980677196..29e77edc5b5 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/NamedPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/NamedPattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.NamedPattern -class NamedPattern extends NamedPatternBase { +class NamedPattern extends Generated::NamedPattern { override string toString() { result = this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/OptionalSomePattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/OptionalSomePattern.qll index 9fb71e55d6f..870e24766a0 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/OptionalSomePattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/OptionalSomePattern.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.pattern.OptionalSomePattern -class OptionalSomePattern extends OptionalSomePatternBase { +class OptionalSomePattern extends Generated::OptionalSomePattern { override string toString() { result = "let ...?" } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll index adb902ef12a..f936edf0d3d 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.pattern.ParenPattern -class ParenPattern extends ParenPatternBase { +class ParenPattern extends Generated::ParenPattern { final override Pattern getResolveStep() { result = getImmediateSubPattern() } override string toString() { result = "(...)" } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/Pattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/Pattern.qll index c28623881dd..7388d7836e7 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/Pattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/Pattern.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.pattern.Pattern -class Pattern extends PatternBase { } +class Pattern extends Generated::Pattern { } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/TuplePattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/TuplePattern.qll index fcd7f7fc238..03579631ca0 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/TuplePattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/TuplePattern.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.pattern.TuplePattern -class TuplePattern extends TuplePatternBase { +class TuplePattern extends Generated::TuplePattern { Pattern getFirstElement() { result = this.getElement(0) } Pattern getLastElement() { diff --git a/swift/ql/lib/codeql/swift/elements/pattern/TypedPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/TypedPattern.qll index 728dede4977..852437a60f1 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/TypedPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/TypedPattern.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.pattern.TypedPattern -class TypedPattern extends TypedPatternBase { +class TypedPattern extends Generated::TypedPattern { override string toString() { if exists(this.getSubPattern()) then result = "... as ..." else result = "is ..." } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/BraceStmt.qll index d22afad3efa..7922c1fb47f 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/BraceStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.BraceStmt -class BraceStmt extends BraceStmtBase { +class BraceStmt extends Generated::BraceStmt { AstNode getFirstElement() { result = this.getElement(0) } AstNode getLastElement() { diff --git a/swift/ql/lib/codeql/swift/elements/stmt/BreakStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/BreakStmt.qll index 02caf1b8cc8..a92663eb724 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/BreakStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/BreakStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.BreakStmt -class BreakStmt extends BreakStmtBase { +class BreakStmt extends Generated::BreakStmt { override string toString() { result = "break " + this.getTargetName() or diff --git a/swift/ql/lib/codeql/swift/elements/stmt/CaseLabelItem.qll b/swift/ql/lib/codeql/swift/elements/stmt/CaseLabelItem.qll index 8a8ea2e358e..bdd176d322a 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/CaseLabelItem.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/CaseLabelItem.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.CaseLabelItem -class CaseLabelItem extends CaseLabelItemBase { +class CaseLabelItem extends Generated::CaseLabelItem { override string toString() { if this.hasGuard() then result = this.getPattern().toString() + " where ..." diff --git a/swift/ql/lib/codeql/swift/elements/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/CaseStmt.qll index b2f3d5d952f..6236178ebb3 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/CaseStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/CaseStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.CaseStmt -class CaseStmt extends CaseStmtBase { +class CaseStmt extends Generated::CaseStmt { CaseLabelItem getFirstLabel() { result = this.getLabel(0) } CaseLabelItem getLastLabel() { diff --git a/swift/ql/lib/codeql/swift/elements/stmt/ConditionElement.qll b/swift/ql/lib/codeql/swift/elements/stmt/ConditionElement.qll index e7fa7159d0d..03ec93baf9a 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/ConditionElement.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/ConditionElement.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.stmt.ConditionElement private import codeql.swift.elements.AstNode -class ConditionElement extends ConditionElementBase { +class ConditionElement extends Generated::ConditionElement { override string toString() { result = this.getBoolean().toString() or diff --git a/swift/ql/lib/codeql/swift/elements/stmt/ContinueStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/ContinueStmt.qll index 9e0dbc7eb65..44311720dd6 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/ContinueStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/ContinueStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.ContinueStmt -class ContinueStmt extends ContinueStmtBase { +class ContinueStmt extends Generated::ContinueStmt { override string toString() { result = "continue " + this.getTargetName() or diff --git a/swift/ql/lib/codeql/swift/elements/stmt/DeferStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/DeferStmt.qll index 017b13e6d59..2f10e417506 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/DeferStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/DeferStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.DeferStmt -class DeferStmt extends DeferStmtBase { +class DeferStmt extends Generated::DeferStmt { override string toString() { result = "defer { ... }" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/DoCatchStmt.qll index c9fa1f85794..3795087b97b 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/DoCatchStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/DoCatchStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.DoCatchStmt -class DoCatchStmt extends DoCatchStmtBase { +class DoCatchStmt extends Generated::DoCatchStmt { CaseStmt getFirstCatch() { result = this.getCatch(0) } CaseStmt getLastCatch() { diff --git a/swift/ql/lib/codeql/swift/elements/stmt/DoStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/DoStmt.qll index 057abb1d8c5..275f5dd53ad 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/DoStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/DoStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.DoStmt -class DoStmt extends DoStmtBase { +class DoStmt extends Generated::DoStmt { override string toString() { result = "do { ... }" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/FailStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/FailStmt.qll index c6ca7a0c923..8fa73e170c8 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/FailStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/FailStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.FailStmt -class FailStmt extends FailStmtBase { +class FailStmt extends Generated::FailStmt { override string toString() { result = "fail" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/FallthroughStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/FallthroughStmt.qll index 50a81c511f2..8ee330c72f9 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/FallthroughStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/FallthroughStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.FallthroughStmt -class FallthroughStmt extends FallthroughStmtBase { +class FallthroughStmt extends Generated::FallthroughStmt { override string toString() { result = "fallthrough" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/ForEachStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/ForEachStmt.qll index 9024cea2cd2..ef260f1c92e 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/ForEachStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/ForEachStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.ForEachStmt -class ForEachStmt extends ForEachStmtBase { +class ForEachStmt extends Generated::ForEachStmt { override string toString() { if this.hasWhere() then result = "for ... in ... where ... { ... }" diff --git a/swift/ql/lib/codeql/swift/elements/stmt/GuardStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/GuardStmt.qll index d2955b3d294..f3566ec4074 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/GuardStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/GuardStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.GuardStmt -class GuardStmt extends GuardStmtBase { +class GuardStmt extends Generated::GuardStmt { override string toString() { result = "guard ... else { ... }" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/IfStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/IfStmt.qll index d7b274f3d21..79da7b24414 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/IfStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/IfStmt.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.stmt.IfStmt private import codeql.swift.elements.stmt.ConditionElement -class IfStmt extends IfStmtBase { +class IfStmt extends Generated::IfStmt { ConditionElement getACondition() { result = this.getCondition(_) } ConditionElement getCondition(int i) { result = this.getCondition().getElement(i) } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/LabeledConditionalStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/LabeledConditionalStmt.qll index 54c4a9c3391..9fcf5616cf8 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/LabeledConditionalStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/LabeledConditionalStmt.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.stmt.LabeledConditionalStmt -class LabeledConditionalStmt extends LabeledConditionalStmtBase { } +class LabeledConditionalStmt extends Generated::LabeledConditionalStmt { } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/LabeledStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/LabeledStmt.qll index 77bbe2129ad..1d31de51b88 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/LabeledStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/LabeledStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.LabeledStmt -class LabeledStmt extends LabeledStmtBase { +class LabeledStmt extends Generated::LabeledStmt { override string toString() { result = this.getLabel() + ": ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/PoundAssertStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/PoundAssertStmt.qll index f2d9f2d74df..ed35a59f8ee 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/PoundAssertStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/PoundAssertStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.PoundAssertStmt -class PoundAssertStmt extends PoundAssertStmtBase { +class PoundAssertStmt extends Generated::PoundAssertStmt { override string toString() { result = "#assert ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/RepeatWhileStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/RepeatWhileStmt.qll index 6bc3c44ec3a..a21ed2c89ec 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/RepeatWhileStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/RepeatWhileStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.RepeatWhileStmt -class RepeatWhileStmt extends RepeatWhileStmtBase { +class RepeatWhileStmt extends Generated::RepeatWhileStmt { override string toString() { result = "repeat { ... } while ... " } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/ReturnStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/ReturnStmt.qll index ba3762a23bc..9ee511913b1 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/ReturnStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/ReturnStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.ReturnStmt -class ReturnStmt extends ReturnStmtBase { +class ReturnStmt extends Generated::ReturnStmt { override string toString() { if this.hasResult() then result = "return ..." else result = "return" } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/Stmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/Stmt.qll index fb7aaa9bf0e..bb98d195845 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/Stmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/Stmt.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.stmt.Stmt -class Stmt extends StmtBase { } +class Stmt extends Generated::Stmt { } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/elements/stmt/StmtCondition.qll index 9f7d4db9929..8344a631eee 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/StmtCondition.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/StmtCondition.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.StmtCondition -class StmtCondition extends StmtConditionBase { +class StmtCondition extends Generated::StmtCondition { ConditionElement getFirstElement() { result = this.getElement(0) } ConditionElement getLastElement() { diff --git a/swift/ql/lib/codeql/swift/elements/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/SwitchStmt.qll index e71a211d69f..41c531b2311 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/SwitchStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/SwitchStmt.qll @@ -1,6 +1,6 @@ private import codeql.swift.generated.stmt.SwitchStmt -class SwitchStmt extends SwitchStmtBase { +class SwitchStmt extends Generated::SwitchStmt { CaseStmt getFirstCase() { result = this.getCase(0) } CaseStmt getLastCase() { diff --git a/swift/ql/lib/codeql/swift/elements/stmt/ThrowStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/ThrowStmt.qll index 9296fd4d05c..74c5058c2d0 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/ThrowStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/ThrowStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.ThrowStmt -class ThrowStmt extends ThrowStmtBase { +class ThrowStmt extends Generated::ThrowStmt { override string toString() { result = "throw ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/WhileStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/WhileStmt.qll index 28ff0bc1f66..89eec1e4c64 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/WhileStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/WhileStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.WhileStmt -class WhileStmt extends WhileStmtBase { +class WhileStmt extends Generated::WhileStmt { override string toString() { result = "while ... { ... }" } } diff --git a/swift/ql/lib/codeql/swift/elements/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/elements/stmt/YieldStmt.qll index 6380e6ddb61..9c830c5e655 100644 --- a/swift/ql/lib/codeql/swift/elements/stmt/YieldStmt.qll +++ b/swift/ql/lib/codeql/swift/elements/stmt/YieldStmt.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.stmt.YieldStmt -class YieldStmt extends YieldStmtBase { +class YieldStmt extends Generated::YieldStmt { override string toString() { result = "yield ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/type/AnyBuiltinIntegerType.qll b/swift/ql/lib/codeql/swift/elements/type/AnyBuiltinIntegerType.qll index 20039a87c10..a078b13e819 100644 --- a/swift/ql/lib/codeql/swift/elements/type/AnyBuiltinIntegerType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/AnyBuiltinIntegerType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.AnyBuiltinIntegerType -class AnyBuiltinIntegerType extends AnyBuiltinIntegerTypeBase { } +class AnyBuiltinIntegerType extends Generated::AnyBuiltinIntegerType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/AnyFunctionType.qll b/swift/ql/lib/codeql/swift/elements/type/AnyFunctionType.qll index db15a0242fb..8047831a479 100644 --- a/swift/ql/lib/codeql/swift/elements/type/AnyFunctionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/AnyFunctionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.AnyFunctionType -class AnyFunctionType extends AnyFunctionTypeBase { } +class AnyFunctionType extends Generated::AnyFunctionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/AnyGenericType.qll b/swift/ql/lib/codeql/swift/elements/type/AnyGenericType.qll index 1dac1499152..b075d1f4fde 100644 --- a/swift/ql/lib/codeql/swift/elements/type/AnyGenericType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/AnyGenericType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.AnyGenericType -class AnyGenericType extends AnyGenericTypeBase { } +class AnyGenericType extends Generated::AnyGenericType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/AnyMetatypeType.qll b/swift/ql/lib/codeql/swift/elements/type/AnyMetatypeType.qll index 17c5c4a5f7f..2f588a4d10c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/AnyMetatypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/AnyMetatypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.AnyMetatypeType -class AnyMetatypeType extends AnyMetatypeTypeBase { } +class AnyMetatypeType extends Generated::AnyMetatypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/ArchetypeType.qll index 9df11089169..517e91336b6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ArchetypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ArchetypeType -class ArchetypeType extends ArchetypeTypeBase { } +class ArchetypeType extends Generated::ArchetypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ArraySliceType.qll b/swift/ql/lib/codeql/swift/elements/type/ArraySliceType.qll index c7e8e9d90a8..89e612e5158 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ArraySliceType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ArraySliceType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ArraySliceType -class ArraySliceType extends ArraySliceTypeBase { } +class ArraySliceType extends Generated::ArraySliceType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BoundGenericClassType.qll b/swift/ql/lib/codeql/swift/elements/type/BoundGenericClassType.qll index f21d398cea5..16b8516923c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BoundGenericClassType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BoundGenericClassType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BoundGenericClassType -class BoundGenericClassType extends BoundGenericClassTypeBase { } +class BoundGenericClassType extends Generated::BoundGenericClassType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BoundGenericEnumType.qll b/swift/ql/lib/codeql/swift/elements/type/BoundGenericEnumType.qll index ecc5556f50e..605ad3eda68 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BoundGenericEnumType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BoundGenericEnumType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BoundGenericEnumType -class BoundGenericEnumType extends BoundGenericEnumTypeBase { } +class BoundGenericEnumType extends Generated::BoundGenericEnumType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BoundGenericStructType.qll b/swift/ql/lib/codeql/swift/elements/type/BoundGenericStructType.qll index c680bef2a64..70729ce1883 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BoundGenericStructType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BoundGenericStructType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BoundGenericStructType -class BoundGenericStructType extends BoundGenericStructTypeBase { } +class BoundGenericStructType extends Generated::BoundGenericStructType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BoundGenericType.qll b/swift/ql/lib/codeql/swift/elements/type/BoundGenericType.qll index 011ef8af1ff..094f78d2e45 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BoundGenericType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BoundGenericType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BoundGenericType -class BoundGenericType extends BoundGenericTypeBase { } +class BoundGenericType extends Generated::BoundGenericType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectType.qll index fa99caf26a3..b54a03865fe 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinBridgeObjectType -class BuiltinBridgeObjectType extends BuiltinBridgeObjectTypeBase { } +class BuiltinBridgeObjectType extends Generated::BuiltinBridgeObjectType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageType.qll index fe99dd581bf..88405181d52 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinDefaultActorStorageType -class BuiltinDefaultActorStorageType extends BuiltinDefaultActorStorageTypeBase { } +class BuiltinDefaultActorStorageType extends Generated::BuiltinDefaultActorStorageType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinExecutorType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinExecutorType.qll index 12634702f41..069f89b22cf 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinExecutorType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinExecutorType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinExecutorType -class BuiltinExecutorType extends BuiltinExecutorTypeBase { } +class BuiltinExecutorType extends Generated::BuiltinExecutorType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinFloatType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinFloatType.qll index ff597765617..777d5ecdf83 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinFloatType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinFloatType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinFloatType -class BuiltinFloatType extends BuiltinFloatTypeBase { } +class BuiltinFloatType extends Generated::BuiltinFloatType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralType.qll index bd67fa0ab5c..938a19ae139 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinIntegerLiteralType -class BuiltinIntegerLiteralType extends BuiltinIntegerLiteralTypeBase { } +class BuiltinIntegerLiteralType extends Generated::BuiltinIntegerLiteralType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerType.qll index b1eaa6fd78a..75484ad84de 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinIntegerType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinIntegerType -class BuiltinIntegerType extends BuiltinIntegerTypeBase { } +class BuiltinIntegerType extends Generated::BuiltinIntegerType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinJobType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinJobType.qll index 93b860976ad..4767630af8c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinJobType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinJobType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinJobType -class BuiltinJobType extends BuiltinJobTypeBase { } +class BuiltinJobType extends Generated::BuiltinJobType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinNativeObjectType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinNativeObjectType.qll index bcd88b370b9..39fdbcf6561 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinNativeObjectType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinNativeObjectType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinNativeObjectType -class BuiltinNativeObjectType extends BuiltinNativeObjectTypeBase { } +class BuiltinNativeObjectType extends Generated::BuiltinNativeObjectType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinRawPointerType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinRawPointerType.qll index 73f188a9398..bb73540aeb4 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinRawPointerType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinRawPointerType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinRawPointerType -class BuiltinRawPointerType extends BuiltinRawPointerTypeBase { } +class BuiltinRawPointerType extends Generated::BuiltinRawPointerType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationType.qll index 02c814b20f8..3352cf70cdf 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinRawUnsafeContinuationType -class BuiltinRawUnsafeContinuationType extends BuiltinRawUnsafeContinuationTypeBase { } +class BuiltinRawUnsafeContinuationType extends Generated::BuiltinRawUnsafeContinuationType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinType.qll index 5e6c65ed00a..391484cf95e 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinType -class BuiltinType extends BuiltinTypeBase { } +class BuiltinType extends Generated::BuiltinType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferType.qll index 8d4e2c5a781..10f11a8b7ba 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinUnsafeValueBufferType -class BuiltinUnsafeValueBufferType extends BuiltinUnsafeValueBufferTypeBase { } +class BuiltinUnsafeValueBufferType extends Generated::BuiltinUnsafeValueBufferType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/BuiltinVectorType.qll b/swift/ql/lib/codeql/swift/elements/type/BuiltinVectorType.qll index dd8b696c05a..a6430ff374c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/BuiltinVectorType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/BuiltinVectorType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.BuiltinVectorType -class BuiltinVectorType extends BuiltinVectorTypeBase { } +class BuiltinVectorType extends Generated::BuiltinVectorType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ClassType.qll b/swift/ql/lib/codeql/swift/elements/type/ClassType.qll index 224e1694fd3..ef38d58229a 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ClassType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ClassType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ClassType -class ClassType extends ClassTypeBase { } +class ClassType extends Generated::ClassType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/DependentMemberType.qll b/swift/ql/lib/codeql/swift/elements/type/DependentMemberType.qll index 1ab6a37b188..96e8a474917 100644 --- a/swift/ql/lib/codeql/swift/elements/type/DependentMemberType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/DependentMemberType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.DependentMemberType -class DependentMemberType extends DependentMemberTypeBase { } +class DependentMemberType extends Generated::DependentMemberType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/DictionaryType.qll b/swift/ql/lib/codeql/swift/elements/type/DictionaryType.qll index 5007515b07c..dead063bafa 100644 --- a/swift/ql/lib/codeql/swift/elements/type/DictionaryType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/DictionaryType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.DictionaryType -class DictionaryType extends DictionaryTypeBase { } +class DictionaryType extends Generated::DictionaryType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/DynamicSelfType.qll b/swift/ql/lib/codeql/swift/elements/type/DynamicSelfType.qll index 1d5923d4aad..f0d7cf63645 100644 --- a/swift/ql/lib/codeql/swift/elements/type/DynamicSelfType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/DynamicSelfType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.DynamicSelfType -class DynamicSelfType extends DynamicSelfTypeBase { } +class DynamicSelfType extends Generated::DynamicSelfType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/EnumType.qll b/swift/ql/lib/codeql/swift/elements/type/EnumType.qll index 79b0654629a..77fa3f813ae 100644 --- a/swift/ql/lib/codeql/swift/elements/type/EnumType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/EnumType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.EnumType -class EnumType extends EnumTypeBase { } +class EnumType extends Generated::EnumType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ErrorType.qll b/swift/ql/lib/codeql/swift/elements/type/ErrorType.qll index c63eec4471c..0653be90022 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ErrorType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ErrorType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ErrorType -class ErrorType extends ErrorTypeBase { } +class ErrorType extends Generated::ErrorType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ExistentialMetatypeType.qll b/swift/ql/lib/codeql/swift/elements/type/ExistentialMetatypeType.qll index 0e8da0628bc..b4ed4a3402c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ExistentialMetatypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ExistentialMetatypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ExistentialMetatypeType -class ExistentialMetatypeType extends ExistentialMetatypeTypeBase { } +class ExistentialMetatypeType extends Generated::ExistentialMetatypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ExistentialType.qll b/swift/ql/lib/codeql/swift/elements/type/ExistentialType.qll index 6730daf49cf..0618b9619b4 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ExistentialType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ExistentialType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ExistentialType -class ExistentialType extends ExistentialTypeBase { } +class ExistentialType extends Generated::ExistentialType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/FunctionType.qll b/swift/ql/lib/codeql/swift/elements/type/FunctionType.qll index 9e795e9a008..1a7472156f9 100644 --- a/swift/ql/lib/codeql/swift/elements/type/FunctionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/FunctionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.FunctionType -class FunctionType extends FunctionTypeBase { } +class FunctionType extends Generated::FunctionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/GenericFunctionType.qll b/swift/ql/lib/codeql/swift/elements/type/GenericFunctionType.qll index 427e2f22b8a..194591df71a 100644 --- a/swift/ql/lib/codeql/swift/elements/type/GenericFunctionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/GenericFunctionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.GenericFunctionType -class GenericFunctionType extends GenericFunctionTypeBase { } +class GenericFunctionType extends Generated::GenericFunctionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/GenericTypeParamType.qll b/swift/ql/lib/codeql/swift/elements/type/GenericTypeParamType.qll index 7b026cf73b4..58d38f80c72 100644 --- a/swift/ql/lib/codeql/swift/elements/type/GenericTypeParamType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/GenericTypeParamType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.GenericTypeParamType -class GenericTypeParamType extends GenericTypeParamTypeBase { } +class GenericTypeParamType extends Generated::GenericTypeParamType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/InOutType.qll b/swift/ql/lib/codeql/swift/elements/type/InOutType.qll index d344ded881a..799e304daa6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/InOutType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/InOutType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.InOutType -class InOutType extends InOutTypeBase { } +class InOutType extends Generated::InOutType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/LValueType.qll b/swift/ql/lib/codeql/swift/elements/type/LValueType.qll index c8425ea42de..1ce57b2db20 100644 --- a/swift/ql/lib/codeql/swift/elements/type/LValueType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/LValueType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.LValueType -class LValueType extends LValueTypeBase { } +class LValueType extends Generated::LValueType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/MetatypeType.qll b/swift/ql/lib/codeql/swift/elements/type/MetatypeType.qll index 05b8b1c0171..1b2976d97c6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/MetatypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/MetatypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.MetatypeType -class MetatypeType extends MetatypeTypeBase { } +class MetatypeType extends Generated::MetatypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ModuleType.qll b/swift/ql/lib/codeql/swift/elements/type/ModuleType.qll index 2716ceb63bf..19b0f3b7376 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ModuleType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ModuleType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ModuleType -class ModuleType extends ModuleTypeBase { } +class ModuleType extends Generated::ModuleType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/NominalOrBoundGenericNominalType.qll b/swift/ql/lib/codeql/swift/elements/type/NominalOrBoundGenericNominalType.qll index 45b6c084f07..6d457a7d8ec 100644 --- a/swift/ql/lib/codeql/swift/elements/type/NominalOrBoundGenericNominalType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/NominalOrBoundGenericNominalType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.NominalOrBoundGenericNominalType -class NominalOrBoundGenericNominalType extends NominalOrBoundGenericNominalTypeBase { } +class NominalOrBoundGenericNominalType extends Generated::NominalOrBoundGenericNominalType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/NominalType.qll b/swift/ql/lib/codeql/swift/elements/type/NominalType.qll index 43893d75bef..7456c18085f 100644 --- a/swift/ql/lib/codeql/swift/elements/type/NominalType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/NominalType.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.type.NominalType private import codeql.swift.elements.decl.NominalTypeDecl -class NominalType extends NominalTypeBase { +class NominalType extends Generated::NominalType { NominalType getABaseType() { result = this.getDeclaration().(NominalTypeDecl).getABaseType() } NominalType getADerivedType() { result.getABaseType() = this } diff --git a/swift/ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeType.qll index 1a78e018d88..59cdf56c5be 100644 --- a/swift/ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.OpaqueTypeArchetypeType -class OpaqueTypeArchetypeType extends OpaqueTypeArchetypeTypeBase { } +class OpaqueTypeArchetypeType extends Generated::OpaqueTypeArchetypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/OpenedArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/OpenedArchetypeType.qll index 0d0d8946abd..f3ff50ad68e 100644 --- a/swift/ql/lib/codeql/swift/elements/type/OpenedArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/OpenedArchetypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.OpenedArchetypeType -class OpenedArchetypeType extends OpenedArchetypeTypeBase { } +class OpenedArchetypeType extends Generated::OpenedArchetypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/OptionalType.qll b/swift/ql/lib/codeql/swift/elements/type/OptionalType.qll index 104b0b01a41..b5456dcfedc 100644 --- a/swift/ql/lib/codeql/swift/elements/type/OptionalType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/OptionalType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.OptionalType -class OptionalType extends OptionalTypeBase { } +class OptionalType extends Generated::OptionalType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/PackExpansionType.qll b/swift/ql/lib/codeql/swift/elements/type/PackExpansionType.qll index 960b546e24d..f44d1b3076d 100644 --- a/swift/ql/lib/codeql/swift/elements/type/PackExpansionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/PackExpansionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.PackExpansionType -class PackExpansionType extends PackExpansionTypeBase { } +class PackExpansionType extends Generated::PackExpansionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/PackType.qll b/swift/ql/lib/codeql/swift/elements/type/PackType.qll index 318e71b99aa..e76e1027ff5 100644 --- a/swift/ql/lib/codeql/swift/elements/type/PackType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/PackType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.PackType -class PackType extends PackTypeBase { } +class PackType extends Generated::PackType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll b/swift/ql/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll index ab012c16e5b..7b767684330 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ParameterizedProtocolType -class ParameterizedProtocolType extends ParameterizedProtocolTypeBase { } +class ParameterizedProtocolType extends Generated::ParameterizedProtocolType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ParenType.qll b/swift/ql/lib/codeql/swift/elements/type/ParenType.qll index e8bf52ec9be..f3d2dd53a21 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ParenType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ParenType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ParenType -class ParenType extends ParenTypeBase { } +class ParenType extends Generated::ParenType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/PlaceholderType.qll b/swift/ql/lib/codeql/swift/elements/type/PlaceholderType.qll index 5a8e64bf29f..03e09b4365f 100644 --- a/swift/ql/lib/codeql/swift/elements/type/PlaceholderType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/PlaceholderType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.PlaceholderType -class PlaceholderType extends PlaceholderTypeBase { } +class PlaceholderType extends Generated::PlaceholderType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/PrimaryArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/PrimaryArchetypeType.qll index c94a943bbcf..abf60c4d962 100644 --- a/swift/ql/lib/codeql/swift/elements/type/PrimaryArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/PrimaryArchetypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.PrimaryArchetypeType -class PrimaryArchetypeType extends PrimaryArchetypeTypeBase { } +class PrimaryArchetypeType extends Generated::PrimaryArchetypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ProtocolCompositionType.qll b/swift/ql/lib/codeql/swift/elements/type/ProtocolCompositionType.qll index 3a38777384c..2ce4e85f7df 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ProtocolCompositionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ProtocolCompositionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ProtocolCompositionType -class ProtocolCompositionType extends ProtocolCompositionTypeBase { } +class ProtocolCompositionType extends Generated::ProtocolCompositionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ProtocolType.qll b/swift/ql/lib/codeql/swift/elements/type/ProtocolType.qll index 1ea30950138..18a92029df5 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ProtocolType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ProtocolType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ProtocolType -class ProtocolType extends ProtocolTypeBase { } +class ProtocolType extends Generated::ProtocolType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/ReferenceStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/ReferenceStorageType.qll index d2af3d9b416..516e82acf37 100644 --- a/swift/ql/lib/codeql/swift/elements/type/ReferenceStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/ReferenceStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.ReferenceStorageType -class ReferenceStorageType extends ReferenceStorageTypeBase { } +class ReferenceStorageType extends Generated::ReferenceStorageType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll index 2d6a4cb962e..be02ac063a1 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SequenceArchetypeType -class SequenceArchetypeType extends SequenceArchetypeTypeBase { } +class SequenceArchetypeType extends Generated::SequenceArchetypeType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SilBlockStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/SilBlockStorageType.qll index 50aa5ede168..29517a6aec6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SilBlockStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SilBlockStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SilBlockStorageType -class SilBlockStorageType extends SilBlockStorageTypeBase { } +class SilBlockStorageType extends Generated::SilBlockStorageType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SilBoxType.qll b/swift/ql/lib/codeql/swift/elements/type/SilBoxType.qll index 99d131ea41a..128ee98b74f 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SilBoxType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SilBoxType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SilBoxType -class SilBoxType extends SilBoxTypeBase { } +class SilBoxType extends Generated::SilBoxType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SilFunctionType.qll b/swift/ql/lib/codeql/swift/elements/type/SilFunctionType.qll index 9f75cc41933..daeccf75b1c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SilFunctionType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SilFunctionType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SilFunctionType -class SilFunctionType extends SilFunctionTypeBase { } +class SilFunctionType extends Generated::SilFunctionType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SilTokenType.qll b/swift/ql/lib/codeql/swift/elements/type/SilTokenType.qll index 2ab43b77fd9..28464d1b4e0 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SilTokenType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SilTokenType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SilTokenType -class SilTokenType extends SilTokenTypeBase { } +class SilTokenType extends Generated::SilTokenType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/StructType.qll b/swift/ql/lib/codeql/swift/elements/type/StructType.qll index 1026b9ebd3a..b1c074ffbf6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/StructType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/StructType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.StructType -class StructType extends StructTypeBase { } +class StructType extends Generated::StructType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SubstitutableType.qll b/swift/ql/lib/codeql/swift/elements/type/SubstitutableType.qll index cb5b8ff3d96..a355cc7ef80 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SubstitutableType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SubstitutableType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SubstitutableType -class SubstitutableType extends SubstitutableTypeBase { } +class SubstitutableType extends Generated::SubstitutableType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SugarType.qll b/swift/ql/lib/codeql/swift/elements/type/SugarType.qll index f5c90cd58d8..4ad1d2c7dfe 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SugarType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SugarType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SugarType -class SugarType extends SugarTypeBase { } +class SugarType extends Generated::SugarType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/SyntaxSugarType.qll b/swift/ql/lib/codeql/swift/elements/type/SyntaxSugarType.qll index fffd8204a4f..53a1a480e9a 100644 --- a/swift/ql/lib/codeql/swift/elements/type/SyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/SyntaxSugarType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.SyntaxSugarType -class SyntaxSugarType extends SyntaxSugarTypeBase { } +class SyntaxSugarType extends Generated::SyntaxSugarType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/TupleType.qll b/swift/ql/lib/codeql/swift/elements/type/TupleType.qll index fdc081f8e62..b475d73e26c 100644 --- a/swift/ql/lib/codeql/swift/elements/type/TupleType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/TupleType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.TupleType -class TupleType extends TupleTypeBase { } +class TupleType extends Generated::TupleType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/Type.qll b/swift/ql/lib/codeql/swift/elements/type/Type.qll index 1b357e65560..8a40c906ff6 100644 --- a/swift/ql/lib/codeql/swift/elements/type/Type.qll +++ b/swift/ql/lib/codeql/swift/elements/type/Type.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.type.Type -class Type extends TypeBase { +class Type extends Generated::Type { override string toString() { result = this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeAliasType.qll b/swift/ql/lib/codeql/swift/elements/type/TypeAliasType.qll index beac2b51732..a1ec5d3ba20 100644 --- a/swift/ql/lib/codeql/swift/elements/type/TypeAliasType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/TypeAliasType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.TypeAliasType -class TypeAliasType extends TypeAliasTypeBase { } +class TypeAliasType extends Generated::TypeAliasType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll index 8462ceb1b6b..cbfc1395189 100644 --- a/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.type.TypeRepr -class TypeRepr extends TypeReprBase { +class TypeRepr extends Generated::TypeRepr { override string toString() { result = getType().toString() } } diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll b/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll index 51818fbfbf2..116d03f7877 100644 --- a/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.TypeVariableType -class TypeVariableType extends TypeVariableTypeBase { } +class TypeVariableType extends Generated::TypeVariableType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/UnarySyntaxSugarType.qll b/swift/ql/lib/codeql/swift/elements/type/UnarySyntaxSugarType.qll index a512e4ecf1a..ebe607861b5 100644 --- a/swift/ql/lib/codeql/swift/elements/type/UnarySyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/UnarySyntaxSugarType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.UnarySyntaxSugarType -class UnarySyntaxSugarType extends UnarySyntaxSugarTypeBase { } +class UnarySyntaxSugarType extends Generated::UnarySyntaxSugarType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/UnboundGenericType.qll b/swift/ql/lib/codeql/swift/elements/type/UnboundGenericType.qll index 2cf2b99f791..aec63b47eba 100644 --- a/swift/ql/lib/codeql/swift/elements/type/UnboundGenericType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/UnboundGenericType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.UnboundGenericType -class UnboundGenericType extends UnboundGenericTypeBase { } +class UnboundGenericType extends Generated::UnboundGenericType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/UnmanagedStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/UnmanagedStorageType.qll index c0161b07fc0..ba2a573eff7 100644 --- a/swift/ql/lib/codeql/swift/elements/type/UnmanagedStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/UnmanagedStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.UnmanagedStorageType -class UnmanagedStorageType extends UnmanagedStorageTypeBase { } +class UnmanagedStorageType extends Generated::UnmanagedStorageType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/UnownedStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/UnownedStorageType.qll index fa7fb75edc1..e8cbb13c941 100644 --- a/swift/ql/lib/codeql/swift/elements/type/UnownedStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/UnownedStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.UnownedStorageType -class UnownedStorageType extends UnownedStorageTypeBase { } +class UnownedStorageType extends Generated::UnownedStorageType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/UnresolvedType.qll b/swift/ql/lib/codeql/swift/elements/type/UnresolvedType.qll index 4f8a63b7563..382eea8f903 100644 --- a/swift/ql/lib/codeql/swift/elements/type/UnresolvedType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/UnresolvedType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.UnresolvedType -class UnresolvedType extends UnresolvedTypeBase { } +class UnresolvedType extends Generated::UnresolvedType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/VariadicSequenceType.qll b/swift/ql/lib/codeql/swift/elements/type/VariadicSequenceType.qll index 59f64bf9f33..58845cc2b94 100644 --- a/swift/ql/lib/codeql/swift/elements/type/VariadicSequenceType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/VariadicSequenceType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.VariadicSequenceType -class VariadicSequenceType extends VariadicSequenceTypeBase { } +class VariadicSequenceType extends Generated::VariadicSequenceType { } diff --git a/swift/ql/lib/codeql/swift/elements/type/WeakStorageType.qll b/swift/ql/lib/codeql/swift/elements/type/WeakStorageType.qll index 381ddf57da7..6c906586b9d 100644 --- a/swift/ql/lib/codeql/swift/elements/type/WeakStorageType.qll +++ b/swift/ql/lib/codeql/swift/elements/type/WeakStorageType.qll @@ -1,4 +1,4 @@ // generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.type.WeakStorageType -class WeakStorageType extends WeakStorageTypeBase { } +class WeakStorageType extends Generated::WeakStorageType { } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll new file mode 100644 index 00000000000..78b9486a1a0 --- /dev/null +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll @@ -0,0 +1,13 @@ +import swift +private import codeql.swift.dataflow.ExternalFlow + +private class UrlRemoteFlowSource extends SourceModelCsv { + override predicate row(string row) { + row = + [ + ";UIApplicationDelegate;true;application(_:open:options:);;;Parameter[1];remote", + ";UIApplicationDelegate;true;application(_:handleOpen:);;;Parameter[1];remote", + ";UIApplicationDelegate;true;application(_:open:sourceApplication:annotation:);;;Parameter[1];remote" + ] + } +} diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll index febce9afa23..b30d8902e7c 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll @@ -1,5 +1,19 @@ import swift +private import codeql.swift.dataflow.DataFlow private import codeql.swift.dataflow.ExternalFlow +private import codeql.swift.dataflow.FlowSteps + +/** The struct `URL`. */ +class UrlDecl extends StructDecl { + UrlDecl() { this.getFullName() = "URL" } +} + +/** + * A content implying that, if a `URL` is tainted, then all its fields are tainted. + */ +private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { + UriFieldsInheritTaint() { this.getField().getEnclosingDecl() instanceof UrlDecl } +} /** * A model for `URL` members that are sources of remote flow. diff --git a/swift/ql/lib/codeql/swift/generated/AstNode.qll b/swift/ql/lib/codeql/swift/generated/AstNode.qll index 501f8be4921..7605784aafd 100644 --- a/swift/ql/lib/codeql/swift/generated/AstNode.qll +++ b/swift/ql/lib/codeql/swift/generated/AstNode.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Locatable -class AstNodeBase extends Synth::TAstNode, Locatable { } +module Generated { + class AstNode extends Synth::TAstNode, Locatable { } +} diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index 4b97524744c..7ac23bcf813 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -5,37 +5,39 @@ import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.Element import codeql.swift.elements.decl.ParamDecl -class CallableBase extends Synth::TCallable, Element { - ParamDecl getImmediateSelfParam() { - result = - Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) - .(Raw::Callable) - .getSelfParam()) +module Generated { + class Callable extends Synth::TCallable, Element { + ParamDecl getImmediateSelfParam() { + result = + Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) + .(Raw::Callable) + .getSelfParam()) + } + + final ParamDecl getSelfParam() { result = getImmediateSelfParam().resolve() } + + final predicate hasSelfParam() { exists(getSelfParam()) } + + ParamDecl getImmediateParam(int index) { + result = + Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) + .(Raw::Callable) + .getParam(index)) + } + + final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + + final ParamDecl getAParam() { result = getParam(_) } + + final int getNumberOfParams() { result = count(getAParam()) } + + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertCallableToRaw(this).(Raw::Callable).getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } + + final predicate hasBody() { exists(getBody()) } } - - final ParamDecl getSelfParam() { result = getImmediateSelfParam().resolve() } - - final predicate hasSelfParam() { exists(getSelfParam()) } - - ParamDecl getImmediateParam(int index) { - result = - Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) - .(Raw::Callable) - .getParam(index)) - } - - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } - - final ParamDecl getAParam() { result = getParam(_) } - - final int getNumberOfParams() { result = count(getAParam()) } - - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertCallableToRaw(this).(Raw::Callable).getBody()) - } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } - - final predicate hasBody() { exists(getBody()) } } diff --git a/swift/ql/lib/codeql/swift/generated/Comment.qll b/swift/ql/lib/codeql/swift/generated/Comment.qll index 4e44b4048c6..635ab49d1e4 100644 --- a/swift/ql/lib/codeql/swift/generated/Comment.qll +++ b/swift/ql/lib/codeql/swift/generated/Comment.qll @@ -3,8 +3,10 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Locatable -class CommentBase extends Synth::TComment, Locatable { - override string getAPrimaryQlClass() { result = "Comment" } +module Generated { + class Comment extends Synth::TComment, Locatable { + override string getAPrimaryQlClass() { result = "Comment" } - string getText() { result = Synth::convertCommentToRaw(this).(Raw::Comment).getText() } + string getText() { result = Synth::convertCommentToRaw(this).(Raw::Comment).getText() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/DbFile.qll b/swift/ql/lib/codeql/swift/generated/DbFile.qll index 02eca478b32..ac001777b18 100644 --- a/swift/ql/lib/codeql/swift/generated/DbFile.qll +++ b/swift/ql/lib/codeql/swift/generated/DbFile.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.File -class DbFileBase extends Synth::TDbFile, File { - override string getAPrimaryQlClass() { result = "DbFile" } +module Generated { + class DbFile extends Synth::TDbFile, File { + override string getAPrimaryQlClass() { result = "DbFile" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/DbLocation.qll b/swift/ql/lib/codeql/swift/generated/DbLocation.qll index 7a9becfdd03..a24a6aef382 100644 --- a/swift/ql/lib/codeql/swift/generated/DbLocation.qll +++ b/swift/ql/lib/codeql/swift/generated/DbLocation.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Location -class DbLocationBase extends Synth::TDbLocation, Location { - override string getAPrimaryQlClass() { result = "DbLocation" } +module Generated { + class DbLocation extends Synth::TDbLocation, Location { + override string getAPrimaryQlClass() { result = "DbLocation" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index 94256c5905f..1b794dba99b 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -2,20 +2,22 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw -class ElementBase extends Synth::TElement { - string toString() { none() } // overridden by subclasses +module Generated { + class Element extends Synth::TElement { + string toString() { none() } // overridden by subclasses - string getAPrimaryQlClass() { none() } // overridden by subclasses + string getAPrimaryQlClass() { none() } // overridden by subclasses - final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } + final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - ElementBase getResolveStep() { none() } // overridden by subclasses + Element getResolveStep() { none() } // overridden by subclasses - final ElementBase resolve() { - not exists(getResolveStep()) and result = this - or - result = getResolveStep().resolve() + final Element resolve() { + not exists(getResolveStep()) and result = this + or + result = getResolveStep().resolve() + } + + predicate isUnknown() { Synth::convertElementToRaw(this).isUnknown() } } - - predicate isUnknown() { Synth::convertElementToRaw(this).isUnknown() } } diff --git a/swift/ql/lib/codeql/swift/generated/File.qll b/swift/ql/lib/codeql/swift/generated/File.qll index 6c168e841a0..30b0968f30d 100644 --- a/swift/ql/lib/codeql/swift/generated/File.qll +++ b/swift/ql/lib/codeql/swift/generated/File.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Element -class FileBase extends Synth::TFile, Element { - string getName() { result = Synth::convertFileToRaw(this).(Raw::File).getName() } +module Generated { + class File extends Synth::TFile, Element { + string getName() { result = Synth::convertFileToRaw(this).(Raw::File).getName() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/Locatable.qll b/swift/ql/lib/codeql/swift/generated/Locatable.qll index 4b0948d7ff2..8ca1e234b2e 100644 --- a/swift/ql/lib/codeql/swift/generated/Locatable.qll +++ b/swift/ql/lib/codeql/swift/generated/Locatable.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.Element import codeql.swift.elements.Location -class LocatableBase extends Synth::TLocatable, Element { - Location getImmediateLocation() { - result = - Synth::convertLocationFromRaw(Synth::convertLocatableToRaw(this) - .(Raw::Locatable) - .getLocation()) +module Generated { + class Locatable extends Synth::TLocatable, Element { + Location getImmediateLocation() { + result = + Synth::convertLocationFromRaw(Synth::convertLocatableToRaw(this) + .(Raw::Locatable) + .getLocation()) + } + + final Location getLocation() { result = getImmediateLocation().resolve() } + + final predicate hasLocation() { exists(getLocation()) } } - - final Location getLocation() { result = getImmediateLocation().resolve() } - - final predicate hasLocation() { exists(getLocation()) } } diff --git a/swift/ql/lib/codeql/swift/generated/Location.qll b/swift/ql/lib/codeql/swift/generated/Location.qll index d1a99922264..fa390de4b0b 100644 --- a/swift/ql/lib/codeql/swift/generated/Location.qll +++ b/swift/ql/lib/codeql/swift/generated/Location.qll @@ -4,20 +4,23 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.Element import codeql.swift.elements.File -class LocationBase extends Synth::TLocation, Element { - File getImmediateFile() { - result = Synth::convertFileFromRaw(Synth::convertLocationToRaw(this).(Raw::Location).getFile()) +module Generated { + class Location extends Synth::TLocation, Element { + File getImmediateFile() { + result = + Synth::convertFileFromRaw(Synth::convertLocationToRaw(this).(Raw::Location).getFile()) + } + + final File getFile() { result = getImmediateFile().resolve() } + + int getStartLine() { result = Synth::convertLocationToRaw(this).(Raw::Location).getStartLine() } + + int getStartColumn() { + result = Synth::convertLocationToRaw(this).(Raw::Location).getStartColumn() + } + + int getEndLine() { result = Synth::convertLocationToRaw(this).(Raw::Location).getEndLine() } + + int getEndColumn() { result = Synth::convertLocationToRaw(this).(Raw::Location).getEndColumn() } } - - final File getFile() { result = getImmediateFile().resolve() } - - int getStartLine() { result = Synth::convertLocationToRaw(this).(Raw::Location).getStartLine() } - - int getStartColumn() { - result = Synth::convertLocationToRaw(this).(Raw::Location).getStartColumn() - } - - int getEndLine() { result = Synth::convertLocationToRaw(this).(Raw::Location).getEndLine() } - - int getEndColumn() { result = Synth::convertLocationToRaw(this).(Raw::Location).getEndColumn() } } diff --git a/swift/ql/lib/codeql/swift/generated/UnknownFile.qll b/swift/ql/lib/codeql/swift/generated/UnknownFile.qll index c80b265d856..065cf04ec38 100644 --- a/swift/ql/lib/codeql/swift/generated/UnknownFile.qll +++ b/swift/ql/lib/codeql/swift/generated/UnknownFile.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.File -class UnknownFileBase extends Synth::TUnknownFile, File { - override string getAPrimaryQlClass() { result = "UnknownFile" } +module Generated { + class UnknownFile extends Synth::TUnknownFile, File { + override string getAPrimaryQlClass() { result = "UnknownFile" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/UnknownLocation.qll b/swift/ql/lib/codeql/swift/generated/UnknownLocation.qll index e2bbe53cc8d..8ccc4c330a9 100644 --- a/swift/ql/lib/codeql/swift/generated/UnknownLocation.qll +++ b/swift/ql/lib/codeql/swift/generated/UnknownLocation.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Location -class UnknownLocationBase extends Synth::TUnknownLocation, Location { - override string getAPrimaryQlClass() { result = "UnknownLocation" } +module Generated { + class UnknownLocation extends Synth::TUnknownLocation, Location { + override string getAPrimaryQlClass() { result = "UnknownLocation" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll b/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll index 74090494867..60c3ad5ab34 100644 --- a/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll +++ b/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Element -class UnresolvedElementBase extends Synth::TUnresolvedElement, Element { } +module Generated { + class UnresolvedElement extends Synth::TUnresolvedElement, Element { } +} diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractFunctionDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractFunctionDecl.qll index 118fb91be79..fb8f1c0d54e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractFunctionDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractFunctionDecl.qll @@ -5,9 +5,11 @@ import codeql.swift.elements.Callable import codeql.swift.elements.decl.GenericContext import codeql.swift.elements.decl.ValueDecl -class AbstractFunctionDeclBase extends Synth::TAbstractFunctionDecl, GenericContext, ValueDecl, - Callable { - string getName() { - result = Synth::convertAbstractFunctionDeclToRaw(this).(Raw::AbstractFunctionDecl).getName() +module Generated { + class AbstractFunctionDecl extends Synth::TAbstractFunctionDecl, GenericContext, ValueDecl, + Callable { + string getName() { + result = Synth::convertAbstractFunctionDeclToRaw(this).(Raw::AbstractFunctionDecl).getName() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll index abc034ac54a..e95d19ef63a 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AccessorDecl import codeql.swift.elements.decl.ValueDecl -class AbstractStorageDeclBase extends Synth::TAbstractStorageDecl, ValueDecl { - AccessorDecl getImmediateAccessorDecl(int index) { - result = - Synth::convertAccessorDeclFromRaw(Synth::convertAbstractStorageDeclToRaw(this) - .(Raw::AbstractStorageDecl) - .getAccessorDecl(index)) +module Generated { + class AbstractStorageDecl extends Synth::TAbstractStorageDecl, ValueDecl { + AccessorDecl getImmediateAccessorDecl(int index) { + result = + Synth::convertAccessorDeclFromRaw(Synth::convertAbstractStorageDeclToRaw(this) + .(Raw::AbstractStorageDecl) + .getAccessorDecl(index)) + } + + final AccessorDecl getAccessorDecl(int index) { + result = getImmediateAccessorDecl(index).resolve() + } + + final AccessorDecl getAnAccessorDecl() { result = getAccessorDecl(_) } + + final int getNumberOfAccessorDecls() { result = count(getAnAccessorDecl()) } } - - final AccessorDecl getAccessorDecl(int index) { - result = getImmediateAccessorDecl(index).resolve() - } - - final AccessorDecl getAnAccessorDecl() { result = getAccessorDecl(_) } - - final int getNumberOfAccessorDecls() { result = count(getAnAccessorDecl()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll index fccef5cbe14..6cccd315ce9 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.TypeDecl -class AbstractTypeParamDeclBase extends Synth::TAbstractTypeParamDecl, TypeDecl { } +module Generated { + class AbstractTypeParamDecl extends Synth::TAbstractTypeParamDecl, TypeDecl { } +} diff --git a/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll index 5d9d927dc11..269af7034bd 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll @@ -3,14 +3,16 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.FuncDecl -class AccessorDeclBase extends Synth::TAccessorDecl, FuncDecl { - override string getAPrimaryQlClass() { result = "AccessorDecl" } +module Generated { + class AccessorDecl extends Synth::TAccessorDecl, FuncDecl { + override string getAPrimaryQlClass() { result = "AccessorDecl" } - predicate isGetter() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isGetter() } + predicate isGetter() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isGetter() } - predicate isSetter() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isSetter() } + predicate isSetter() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isSetter() } - predicate isWillSet() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isWillSet() } + predicate isWillSet() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isWillSet() } - predicate isDidSet() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isDidSet() } + predicate isDidSet() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isDidSet() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll index 93397599728..5adc4fa7466 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractTypeParamDecl -class AssociatedTypeDeclBase extends Synth::TAssociatedTypeDecl, AbstractTypeParamDecl { - override string getAPrimaryQlClass() { result = "AssociatedTypeDecl" } +module Generated { + class AssociatedTypeDecl extends Synth::TAssociatedTypeDecl, AbstractTypeParamDecl { + override string getAPrimaryQlClass() { result = "AssociatedTypeDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ClassDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ClassDecl.qll index 6d9d03b7120..1a49af2c8b9 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ClassDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ClassDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.NominalTypeDecl -class ClassDeclBase extends Synth::TClassDecl, NominalTypeDecl { - override string getAPrimaryQlClass() { result = "ClassDecl" } +module Generated { + class ClassDecl extends Synth::TClassDecl, NominalTypeDecl { + override string getAPrimaryQlClass() { result = "ClassDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ConcreteFuncDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ConcreteFuncDecl.qll index 92109e6e9af..8e634daba28 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ConcreteFuncDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ConcreteFuncDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.FuncDecl -class ConcreteFuncDeclBase extends Synth::TConcreteFuncDecl, FuncDecl { - override string getAPrimaryQlClass() { result = "ConcreteFuncDecl" } +module Generated { + class ConcreteFuncDecl extends Synth::TConcreteFuncDecl, FuncDecl { + override string getAPrimaryQlClass() { result = "ConcreteFuncDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ConcreteVarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ConcreteVarDecl.qll index b6531d99105..27a50df90e5 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ConcreteVarDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ConcreteVarDecl.qll @@ -3,10 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.VarDecl -class ConcreteVarDeclBase extends Synth::TConcreteVarDecl, VarDecl { - override string getAPrimaryQlClass() { result = "ConcreteVarDecl" } +module Generated { + class ConcreteVarDecl extends Synth::TConcreteVarDecl, VarDecl { + override string getAPrimaryQlClass() { result = "ConcreteVarDecl" } - int getIntroducerInt() { - result = Synth::convertConcreteVarDeclToRaw(this).(Raw::ConcreteVarDecl).getIntroducerInt() + int getIntroducerInt() { + result = Synth::convertConcreteVarDeclToRaw(this).(Raw::ConcreteVarDecl).getIntroducerInt() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ConstructorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ConstructorDecl.qll index 0f891803c72..8884eb0347e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ConstructorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ConstructorDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractFunctionDecl -class ConstructorDeclBase extends Synth::TConstructorDecl, AbstractFunctionDecl { - override string getAPrimaryQlClass() { result = "ConstructorDecl" } +module Generated { + class ConstructorDecl extends Synth::TConstructorDecl, AbstractFunctionDecl { + override string getAPrimaryQlClass() { result = "ConstructorDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index f987cd2dd59..b905214ec71 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -4,10 +4,13 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.decl.ModuleDecl -class DeclBase extends Synth::TDecl, AstNode { - ModuleDecl getImmediateModule() { - result = Synth::convertModuleDeclFromRaw(Synth::convertDeclToRaw(this).(Raw::Decl).getModule()) - } +module Generated { + class Decl extends Synth::TDecl, AstNode { + ModuleDecl getImmediateModule() { + result = + Synth::convertModuleDeclFromRaw(Synth::convertDeclToRaw(this).(Raw::Decl).getModule()) + } - final ModuleDecl getModule() { result = getImmediateModule().resolve() } + final ModuleDecl getModule() { result = getImmediateModule().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/DestructorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/DestructorDecl.qll index ef1a9cfcf84..bf67c447e5d 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/DestructorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/DestructorDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractFunctionDecl -class DestructorDeclBase extends Synth::TDestructorDecl, AbstractFunctionDecl { - override string getAPrimaryQlClass() { result = "DestructorDecl" } +module Generated { + class DestructorDecl extends Synth::TDestructorDecl, AbstractFunctionDecl { + override string getAPrimaryQlClass() { result = "DestructorDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll index 81fd24f7bc9..bafe390cee8 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl import codeql.swift.elements.decl.EnumElementDecl -class EnumCaseDeclBase extends Synth::TEnumCaseDecl, Decl { - override string getAPrimaryQlClass() { result = "EnumCaseDecl" } +module Generated { + class EnumCaseDecl extends Synth::TEnumCaseDecl, Decl { + override string getAPrimaryQlClass() { result = "EnumCaseDecl" } - EnumElementDecl getImmediateElement(int index) { - result = - Synth::convertEnumElementDeclFromRaw(Synth::convertEnumCaseDeclToRaw(this) - .(Raw::EnumCaseDecl) - .getElement(index)) + EnumElementDecl getImmediateElement(int index) { + result = + Synth::convertEnumElementDeclFromRaw(Synth::convertEnumCaseDeclToRaw(this) + .(Raw::EnumCaseDecl) + .getElement(index)) + } + + final EnumElementDecl getElement(int index) { result = getImmediateElement(index).resolve() } + + final EnumElementDecl getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final EnumElementDecl getElement(int index) { result = getImmediateElement(index).resolve() } - - final EnumElementDecl getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumDecl.qll index 9534f0ea3a1..cd6e1182b20 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.NominalTypeDecl -class EnumDeclBase extends Synth::TEnumDecl, NominalTypeDecl { - override string getAPrimaryQlClass() { result = "EnumDecl" } +module Generated { + class EnumDecl extends Synth::TEnumDecl, NominalTypeDecl { + override string getAPrimaryQlClass() { result = "EnumDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll index 01e54493f0d..de26c390a5e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll @@ -4,23 +4,25 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.ParamDecl import codeql.swift.elements.decl.ValueDecl -class EnumElementDeclBase extends Synth::TEnumElementDecl, ValueDecl { - override string getAPrimaryQlClass() { result = "EnumElementDecl" } +module Generated { + class EnumElementDecl extends Synth::TEnumElementDecl, ValueDecl { + override string getAPrimaryQlClass() { result = "EnumElementDecl" } - string getName() { - result = Synth::convertEnumElementDeclToRaw(this).(Raw::EnumElementDecl).getName() + string getName() { + result = Synth::convertEnumElementDeclToRaw(this).(Raw::EnumElementDecl).getName() + } + + ParamDecl getImmediateParam(int index) { + result = + Synth::convertParamDeclFromRaw(Synth::convertEnumElementDeclToRaw(this) + .(Raw::EnumElementDecl) + .getParam(index)) + } + + final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + + final ParamDecl getAParam() { result = getParam(_) } + + final int getNumberOfParams() { result = count(getAParam()) } } - - ParamDecl getImmediateParam(int index) { - result = - Synth::convertParamDeclFromRaw(Synth::convertEnumElementDeclToRaw(this) - .(Raw::EnumElementDecl) - .getParam(index)) - } - - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } - - final ParamDecl getAParam() { result = getParam(_) } - - final int getNumberOfParams() { result = count(getAParam()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll index 4e526560f3b..5d8e43168c7 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll @@ -6,15 +6,19 @@ import codeql.swift.elements.decl.GenericContext import codeql.swift.elements.decl.IterableDeclContext import codeql.swift.elements.decl.NominalTypeDecl -class ExtensionDeclBase extends Synth::TExtensionDecl, GenericContext, IterableDeclContext, Decl { - override string getAPrimaryQlClass() { result = "ExtensionDecl" } +module Generated { + class ExtensionDecl extends Synth::TExtensionDecl, GenericContext, IterableDeclContext, Decl { + override string getAPrimaryQlClass() { result = "ExtensionDecl" } - NominalTypeDecl getImmediateExtendedTypeDecl() { - result = - Synth::convertNominalTypeDeclFromRaw(Synth::convertExtensionDeclToRaw(this) - .(Raw::ExtensionDecl) - .getExtendedTypeDecl()) + NominalTypeDecl getImmediateExtendedTypeDecl() { + result = + Synth::convertNominalTypeDeclFromRaw(Synth::convertExtensionDeclToRaw(this) + .(Raw::ExtensionDecl) + .getExtendedTypeDecl()) + } + + final NominalTypeDecl getExtendedTypeDecl() { + result = getImmediateExtendedTypeDecl().resolve() + } } - - final NominalTypeDecl getExtendedTypeDecl() { result = getImmediateExtendedTypeDecl().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/FuncDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/FuncDecl.qll index e25ad46b3a8..5d19472ba95 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/FuncDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/FuncDecl.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractFunctionDecl -class FuncDeclBase extends Synth::TFuncDecl, AbstractFunctionDecl { } +module Generated { + class FuncDecl extends Synth::TFuncDecl, AbstractFunctionDecl { } +} diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll index 65af0d03604..67aabacbc29 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.Element import codeql.swift.elements.decl.GenericTypeParamDecl -class GenericContextBase extends Synth::TGenericContext, Element { - GenericTypeParamDecl getImmediateGenericTypeParam(int index) { - result = - Synth::convertGenericTypeParamDeclFromRaw(Synth::convertGenericContextToRaw(this) - .(Raw::GenericContext) - .getGenericTypeParam(index)) +module Generated { + class GenericContext extends Synth::TGenericContext, Element { + GenericTypeParamDecl getImmediateGenericTypeParam(int index) { + result = + Synth::convertGenericTypeParamDeclFromRaw(Synth::convertGenericContextToRaw(this) + .(Raw::GenericContext) + .getGenericTypeParam(index)) + } + + final GenericTypeParamDecl getGenericTypeParam(int index) { + result = getImmediateGenericTypeParam(index).resolve() + } + + final GenericTypeParamDecl getAGenericTypeParam() { result = getGenericTypeParam(_) } + + final int getNumberOfGenericTypeParams() { result = count(getAGenericTypeParam()) } } - - final GenericTypeParamDecl getGenericTypeParam(int index) { - result = getImmediateGenericTypeParam(index).resolve() - } - - final GenericTypeParamDecl getAGenericTypeParam() { result = getGenericTypeParam(_) } - - final int getNumberOfGenericTypeParams() { result = count(getAGenericTypeParam()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericTypeDecl.qll index 369d3008a1e..3a6f7958595 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericTypeDecl.qll @@ -4,4 +4,6 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.GenericContext import codeql.swift.elements.decl.TypeDecl -class GenericTypeDeclBase extends Synth::TGenericTypeDecl, GenericContext, TypeDecl { } +module Generated { + class GenericTypeDecl extends Synth::TGenericTypeDecl, GenericContext, TypeDecl { } +} diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll index 4f29fb10986..d65a11cb0e7 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractTypeParamDecl -class GenericTypeParamDeclBase extends Synth::TGenericTypeParamDecl, AbstractTypeParamDecl { - override string getAPrimaryQlClass() { result = "GenericTypeParamDecl" } +module Generated { + class GenericTypeParamDecl extends Synth::TGenericTypeParamDecl, AbstractTypeParamDecl { + override string getAPrimaryQlClass() { result = "GenericTypeParamDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll index a2daf391620..af10e24c832 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll @@ -4,19 +4,23 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.decl.Decl -class IfConfigDeclBase extends Synth::TIfConfigDecl, Decl { - override string getAPrimaryQlClass() { result = "IfConfigDecl" } +module Generated { + class IfConfigDecl extends Synth::TIfConfigDecl, Decl { + override string getAPrimaryQlClass() { result = "IfConfigDecl" } - AstNode getImmediateActiveElement(int index) { - result = - Synth::convertAstNodeFromRaw(Synth::convertIfConfigDeclToRaw(this) - .(Raw::IfConfigDecl) - .getActiveElement(index)) + AstNode getImmediateActiveElement(int index) { + result = + Synth::convertAstNodeFromRaw(Synth::convertIfConfigDeclToRaw(this) + .(Raw::IfConfigDecl) + .getActiveElement(index)) + } + + final AstNode getActiveElement(int index) { + result = getImmediateActiveElement(index).resolve() + } + + final AstNode getAnActiveElement() { result = getActiveElement(_) } + + final int getNumberOfActiveElements() { result = count(getAnActiveElement()) } } - - final AstNode getActiveElement(int index) { result = getImmediateActiveElement(index).resolve() } - - final AstNode getAnActiveElement() { result = getActiveElement(_) } - - final int getNumberOfActiveElements() { result = count(getAnActiveElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll index 46ba324bc46..c20a7424062 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll @@ -5,32 +5,34 @@ import codeql.swift.elements.decl.Decl import codeql.swift.elements.decl.ModuleDecl import codeql.swift.elements.decl.ValueDecl -class ImportDeclBase extends Synth::TImportDecl, Decl { - override string getAPrimaryQlClass() { result = "ImportDecl" } +module Generated { + class ImportDecl extends Synth::TImportDecl, Decl { + override string getAPrimaryQlClass() { result = "ImportDecl" } - predicate isExported() { Synth::convertImportDeclToRaw(this).(Raw::ImportDecl).isExported() } + predicate isExported() { Synth::convertImportDeclToRaw(this).(Raw::ImportDecl).isExported() } - ModuleDecl getImmediateImportedModule() { - result = - Synth::convertModuleDeclFromRaw(Synth::convertImportDeclToRaw(this) - .(Raw::ImportDecl) - .getImportedModule()) + ModuleDecl getImmediateImportedModule() { + result = + Synth::convertModuleDeclFromRaw(Synth::convertImportDeclToRaw(this) + .(Raw::ImportDecl) + .getImportedModule()) + } + + final ModuleDecl getImportedModule() { result = getImmediateImportedModule().resolve() } + + final predicate hasImportedModule() { exists(getImportedModule()) } + + ValueDecl getImmediateDeclaration(int index) { + result = + Synth::convertValueDeclFromRaw(Synth::convertImportDeclToRaw(this) + .(Raw::ImportDecl) + .getDeclaration(index)) + } + + final ValueDecl getDeclaration(int index) { result = getImmediateDeclaration(index).resolve() } + + final ValueDecl getADeclaration() { result = getDeclaration(_) } + + final int getNumberOfDeclarations() { result = count(getADeclaration()) } } - - final ModuleDecl getImportedModule() { result = getImmediateImportedModule().resolve() } - - final predicate hasImportedModule() { exists(getImportedModule()) } - - ValueDecl getImmediateDeclaration(int index) { - result = - Synth::convertValueDeclFromRaw(Synth::convertImportDeclToRaw(this) - .(Raw::ImportDecl) - .getDeclaration(index)) - } - - final ValueDecl getDeclaration(int index) { result = getImmediateDeclaration(index).resolve() } - - final ValueDecl getADeclaration() { result = getDeclaration(_) } - - final int getNumberOfDeclarations() { result = count(getADeclaration()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll index bd36ee14c54..cbd6f0880f2 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.OperatorDecl import codeql.swift.elements.decl.PrecedenceGroupDecl -class InfixOperatorDeclBase extends Synth::TInfixOperatorDecl, OperatorDecl { - override string getAPrimaryQlClass() { result = "InfixOperatorDecl" } +module Generated { + class InfixOperatorDecl extends Synth::TInfixOperatorDecl, OperatorDecl { + override string getAPrimaryQlClass() { result = "InfixOperatorDecl" } - PrecedenceGroupDecl getImmediatePrecedenceGroup() { - result = - Synth::convertPrecedenceGroupDeclFromRaw(Synth::convertInfixOperatorDeclToRaw(this) - .(Raw::InfixOperatorDecl) - .getPrecedenceGroup()) + PrecedenceGroupDecl getImmediatePrecedenceGroup() { + result = + Synth::convertPrecedenceGroupDeclFromRaw(Synth::convertInfixOperatorDeclToRaw(this) + .(Raw::InfixOperatorDecl) + .getPrecedenceGroup()) + } + + final PrecedenceGroupDecl getPrecedenceGroup() { + result = getImmediatePrecedenceGroup().resolve() + } + + final predicate hasPrecedenceGroup() { exists(getPrecedenceGroup()) } } - - final PrecedenceGroupDecl getPrecedenceGroup() { - result = getImmediatePrecedenceGroup().resolve() - } - - final predicate hasPrecedenceGroup() { exists(getPrecedenceGroup()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll b/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll index 88229407ef0..8ceed578897 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll @@ -4,17 +4,19 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl import codeql.swift.elements.Element -class IterableDeclContextBase extends Synth::TIterableDeclContext, Element { - Decl getImmediateMember(int index) { - result = - Synth::convertDeclFromRaw(Synth::convertIterableDeclContextToRaw(this) - .(Raw::IterableDeclContext) - .getMember(index)) +module Generated { + class IterableDeclContext extends Synth::TIterableDeclContext, Element { + Decl getImmediateMember(int index) { + result = + Synth::convertDeclFromRaw(Synth::convertIterableDeclContextToRaw(this) + .(Raw::IterableDeclContext) + .getMember(index)) + } + + final Decl getMember(int index) { result = getImmediateMember(index).resolve() } + + final Decl getAMember() { result = getMember(_) } + + final int getNumberOfMembers() { result = count(getAMember()) } } - - final Decl getMember(int index) { result = getImmediateMember(index).resolve() } - - final Decl getAMember() { result = getMember(_) } - - final int getNumberOfMembers() { result = count(getAMember()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/MissingMemberDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/MissingMemberDecl.qll index f13324dd445..df1377a7fec 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/MissingMemberDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/MissingMemberDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl -class MissingMemberDeclBase extends Synth::TMissingMemberDecl, Decl { - override string getAPrimaryQlClass() { result = "MissingMemberDecl" } +module Generated { + class MissingMemberDecl extends Synth::TMissingMemberDecl, Decl { + override string getAPrimaryQlClass() { result = "MissingMemberDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll index eb064816333..5afb38cda0b 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll @@ -1,47 +1,48 @@ // generated by codegen/codegen.py private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw -import codeql.swift.elements.decl.ModuleDecl import codeql.swift.elements.decl.TypeDecl -class ModuleDeclBase extends Synth::TModuleDecl, TypeDecl { - override string getAPrimaryQlClass() { result = "ModuleDecl" } +module Generated { + class ModuleDecl extends Synth::TModuleDecl, TypeDecl { + override string getAPrimaryQlClass() { result = "ModuleDecl" } - predicate isBuiltinModule() { - Synth::convertModuleDeclToRaw(this).(Raw::ModuleDecl).isBuiltinModule() + predicate isBuiltinModule() { + Synth::convertModuleDeclToRaw(this).(Raw::ModuleDecl).isBuiltinModule() + } + + predicate isSystemModule() { + Synth::convertModuleDeclToRaw(this).(Raw::ModuleDecl).isSystemModule() + } + + ModuleDecl getImmediateImportedModule(int index) { + result = + Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) + .(Raw::ModuleDecl) + .getImportedModule(index)) + } + + final ModuleDecl getImportedModule(int index) { + result = getImmediateImportedModule(index).resolve() + } + + final ModuleDecl getAnImportedModule() { result = getImportedModule(_) } + + final int getNumberOfImportedModules() { result = count(getAnImportedModule()) } + + ModuleDecl getImmediateExportedModule(int index) { + result = + Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) + .(Raw::ModuleDecl) + .getExportedModule(index)) + } + + final ModuleDecl getExportedModule(int index) { + result = getImmediateExportedModule(index).resolve() + } + + final ModuleDecl getAnExportedModule() { result = getExportedModule(_) } + + final int getNumberOfExportedModules() { result = count(getAnExportedModule()) } } - - predicate isSystemModule() { - Synth::convertModuleDeclToRaw(this).(Raw::ModuleDecl).isSystemModule() - } - - ModuleDecl getImmediateImportedModule(int index) { - result = - Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) - .(Raw::ModuleDecl) - .getImportedModule(index)) - } - - final ModuleDecl getImportedModule(int index) { - result = getImmediateImportedModule(index).resolve() - } - - final ModuleDecl getAnImportedModule() { result = getImportedModule(_) } - - final int getNumberOfImportedModules() { result = count(getAnImportedModule()) } - - ModuleDecl getImmediateExportedModule(int index) { - result = - Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) - .(Raw::ModuleDecl) - .getExportedModule(index)) - } - - final ModuleDecl getExportedModule(int index) { - result = getImmediateExportedModule(index).resolve() - } - - final ModuleDecl getAnExportedModule() { result = getExportedModule(_) } - - final int getNumberOfExportedModules() { result = count(getAnExportedModule()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll index 19d6be25f17..63d63da969c 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll @@ -5,13 +5,15 @@ import codeql.swift.elements.decl.GenericTypeDecl import codeql.swift.elements.decl.IterableDeclContext import codeql.swift.elements.type.Type -class NominalTypeDeclBase extends Synth::TNominalTypeDecl, GenericTypeDecl, IterableDeclContext { - Type getImmediateType() { - result = - Synth::convertTypeFromRaw(Synth::convertNominalTypeDeclToRaw(this) - .(Raw::NominalTypeDecl) - .getType()) - } +module Generated { + class NominalTypeDecl extends Synth::TNominalTypeDecl, GenericTypeDecl, IterableDeclContext { + Type getImmediateType() { + result = + Synth::convertTypeFromRaw(Synth::convertNominalTypeDeclToRaw(this) + .(Raw::NominalTypeDecl) + .getType()) + } - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = getImmediateType().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll index 190e3901b14..a4493d1a7fb 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.GenericTypeDecl -class OpaqueTypeDeclBase extends Synth::TOpaqueTypeDecl, GenericTypeDecl { - override string getAPrimaryQlClass() { result = "OpaqueTypeDecl" } +module Generated { + class OpaqueTypeDecl extends Synth::TOpaqueTypeDecl, GenericTypeDecl { + override string getAPrimaryQlClass() { result = "OpaqueTypeDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/OperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OperatorDecl.qll index 5f761333704..b7ae000ed38 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/OperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/OperatorDecl.qll @@ -3,6 +3,10 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl -class OperatorDeclBase extends Synth::TOperatorDecl, Decl { - string getName() { result = Synth::convertOperatorDeclToRaw(this).(Raw::OperatorDecl).getName() } +module Generated { + class OperatorDecl extends Synth::TOperatorDecl, Decl { + string getName() { + result = Synth::convertOperatorDeclToRaw(this).(Raw::OperatorDecl).getName() + } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll index fecd39d3ee8..1c4de4aba40 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll @@ -3,8 +3,10 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.VarDecl -class ParamDeclBase extends Synth::TParamDecl, VarDecl { - override string getAPrimaryQlClass() { result = "ParamDecl" } +module Generated { + class ParamDecl extends Synth::TParamDecl, VarDecl { + override string getAPrimaryQlClass() { result = "ParamDecl" } - predicate isInout() { Synth::convertParamDeclToRaw(this).(Raw::ParamDecl).isInout() } + predicate isInout() { Synth::convertParamDeclToRaw(this).(Raw::ParamDecl).isInout() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll index e68cdeb451d..87e0a7eb649 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll @@ -5,32 +5,34 @@ import codeql.swift.elements.decl.Decl import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern -class PatternBindingDeclBase extends Synth::TPatternBindingDecl, Decl { - override string getAPrimaryQlClass() { result = "PatternBindingDecl" } +module Generated { + class PatternBindingDecl extends Synth::TPatternBindingDecl, Decl { + override string getAPrimaryQlClass() { result = "PatternBindingDecl" } - Expr getImmediateInit(int index) { - result = - Synth::convertExprFromRaw(Synth::convertPatternBindingDeclToRaw(this) - .(Raw::PatternBindingDecl) - .getInit(index)) + Expr getImmediateInit(int index) { + result = + Synth::convertExprFromRaw(Synth::convertPatternBindingDeclToRaw(this) + .(Raw::PatternBindingDecl) + .getInit(index)) + } + + final Expr getInit(int index) { result = getImmediateInit(index).resolve() } + + final predicate hasInit(int index) { exists(getInit(index)) } + + final Expr getAnInit() { result = getInit(_) } + + Pattern getImmediatePattern(int index) { + result = + Synth::convertPatternFromRaw(Synth::convertPatternBindingDeclToRaw(this) + .(Raw::PatternBindingDecl) + .getPattern(index)) + } + + final Pattern getPattern(int index) { result = getImmediatePattern(index).resolve() } + + final Pattern getAPattern() { result = getPattern(_) } + + final int getNumberOfPatterns() { result = count(getAPattern()) } } - - final Expr getInit(int index) { result = getImmediateInit(index).resolve() } - - final predicate hasInit(int index) { exists(getInit(index)) } - - final Expr getAnInit() { result = getInit(_) } - - Pattern getImmediatePattern(int index) { - result = - Synth::convertPatternFromRaw(Synth::convertPatternBindingDeclToRaw(this) - .(Raw::PatternBindingDecl) - .getPattern(index)) - } - - final Pattern getPattern(int index) { result = getImmediatePattern(index).resolve() } - - final Pattern getAPattern() { result = getPattern(_) } - - final int getNumberOfPatterns() { result = count(getAPattern()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll index 98e302d1bc1..2d160c3ae5d 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.OperatorDecl -class PostfixOperatorDeclBase extends Synth::TPostfixOperatorDecl, OperatorDecl { - override string getAPrimaryQlClass() { result = "PostfixOperatorDecl" } +module Generated { + class PostfixOperatorDecl extends Synth::TPostfixOperatorDecl, OperatorDecl { + override string getAPrimaryQlClass() { result = "PostfixOperatorDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll index 766bfa2af3e..efa71409638 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl -class PoundDiagnosticDeclBase extends Synth::TPoundDiagnosticDecl, Decl { - override string getAPrimaryQlClass() { result = "PoundDiagnosticDecl" } +module Generated { + class PoundDiagnosticDecl extends Synth::TPoundDiagnosticDecl, Decl { + override string getAPrimaryQlClass() { result = "PoundDiagnosticDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll index 4a9da0b0b80..e8b0b7f49e5 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl -class PrecedenceGroupDeclBase extends Synth::TPrecedenceGroupDecl, Decl { - override string getAPrimaryQlClass() { result = "PrecedenceGroupDecl" } +module Generated { + class PrecedenceGroupDecl extends Synth::TPrecedenceGroupDecl, Decl { + override string getAPrimaryQlClass() { result = "PrecedenceGroupDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll index 06fb56cf59d..e82d3e73665 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.OperatorDecl -class PrefixOperatorDeclBase extends Synth::TPrefixOperatorDecl, OperatorDecl { - override string getAPrimaryQlClass() { result = "PrefixOperatorDecl" } +module Generated { + class PrefixOperatorDecl extends Synth::TPrefixOperatorDecl, OperatorDecl { + override string getAPrimaryQlClass() { result = "PrefixOperatorDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ProtocolDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ProtocolDecl.qll index 513a5bd9cbb..8ab909a2a06 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ProtocolDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ProtocolDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.NominalTypeDecl -class ProtocolDeclBase extends Synth::TProtocolDecl, NominalTypeDecl { - override string getAPrimaryQlClass() { result = "ProtocolDecl" } +module Generated { + class ProtocolDecl extends Synth::TProtocolDecl, NominalTypeDecl { + override string getAPrimaryQlClass() { result = "ProtocolDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/StructDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/StructDecl.qll index 21a08fb39bf..8ab94db5864 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/StructDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/StructDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.NominalTypeDecl -class StructDeclBase extends Synth::TStructDecl, NominalTypeDecl { - override string getAPrimaryQlClass() { result = "StructDecl" } +module Generated { + class StructDecl extends Synth::TStructDecl, NominalTypeDecl { + override string getAPrimaryQlClass() { result = "StructDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll index fabd9a9e22f..b2242cff5d3 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll @@ -6,28 +6,30 @@ import codeql.swift.elements.decl.GenericContext import codeql.swift.elements.decl.ParamDecl import codeql.swift.elements.type.Type -class SubscriptDeclBase extends Synth::TSubscriptDecl, AbstractStorageDecl, GenericContext { - override string getAPrimaryQlClass() { result = "SubscriptDecl" } +module Generated { + class SubscriptDecl extends Synth::TSubscriptDecl, AbstractStorageDecl, GenericContext { + override string getAPrimaryQlClass() { result = "SubscriptDecl" } - ParamDecl getImmediateParam(int index) { - result = - Synth::convertParamDeclFromRaw(Synth::convertSubscriptDeclToRaw(this) - .(Raw::SubscriptDecl) - .getParam(index)) + ParamDecl getImmediateParam(int index) { + result = + Synth::convertParamDeclFromRaw(Synth::convertSubscriptDeclToRaw(this) + .(Raw::SubscriptDecl) + .getParam(index)) + } + + final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + + final ParamDecl getAParam() { result = getParam(_) } + + final int getNumberOfParams() { result = count(getAParam()) } + + Type getImmediateElementType() { + result = + Synth::convertTypeFromRaw(Synth::convertSubscriptDeclToRaw(this) + .(Raw::SubscriptDecl) + .getElementType()) + } + + final Type getElementType() { result = getImmediateElementType().resolve() } } - - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } - - final ParamDecl getAParam() { result = getParam(_) } - - final int getNumberOfParams() { result = count(getAParam()) } - - Type getImmediateElementType() { - result = - Synth::convertTypeFromRaw(Synth::convertSubscriptDeclToRaw(this) - .(Raw::SubscriptDecl) - .getElementType()) - } - - final Type getElementType() { result = getImmediateElementType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll index fa534c08520..94b40eba8ab 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.decl.Decl -class TopLevelCodeDeclBase extends Synth::TTopLevelCodeDecl, Decl { - override string getAPrimaryQlClass() { result = "TopLevelCodeDecl" } +module Generated { + class TopLevelCodeDecl extends Synth::TTopLevelCodeDecl, Decl { + override string getAPrimaryQlClass() { result = "TopLevelCodeDecl" } - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertTopLevelCodeDeclToRaw(this) - .(Raw::TopLevelCodeDecl) - .getBody()) + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertTopLevelCodeDeclToRaw(this) + .(Raw::TopLevelCodeDecl) + .getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll index 0df40ceffbe..1e9dbd7bc46 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.decl.GenericTypeDecl -class TypeAliasDeclBase extends Synth::TTypeAliasDecl, GenericTypeDecl { - override string getAPrimaryQlClass() { result = "TypeAliasDecl" } +module Generated { + class TypeAliasDecl extends Synth::TTypeAliasDecl, GenericTypeDecl { + override string getAPrimaryQlClass() { result = "TypeAliasDecl" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll index dcc82d1cdaa..889fa712f87 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll @@ -4,17 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type import codeql.swift.elements.decl.ValueDecl -class TypeDeclBase extends Synth::TTypeDecl, ValueDecl { - string getName() { result = Synth::convertTypeDeclToRaw(this).(Raw::TypeDecl).getName() } +module Generated { + class TypeDecl extends Synth::TTypeDecl, ValueDecl { + string getName() { result = Synth::convertTypeDeclToRaw(this).(Raw::TypeDecl).getName() } - Type getImmediateBaseType(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertTypeDeclToRaw(this).(Raw::TypeDecl).getBaseType(index)) + Type getImmediateBaseType(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertTypeDeclToRaw(this) + .(Raw::TypeDecl) + .getBaseType(index)) + } + + final Type getBaseType(int index) { result = getImmediateBaseType(index).resolve() } + + final Type getABaseType() { result = getBaseType(_) } + + final int getNumberOfBaseTypes() { result = count(getABaseType()) } } - - final Type getBaseType(int index) { result = getImmediateBaseType(index).resolve() } - - final Type getABaseType() { result = getBaseType(_) } - - final int getNumberOfBaseTypes() { result = count(getABaseType()) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll index 2d70489ddd4..cb0a97dd859 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl import codeql.swift.elements.type.Type -class ValueDeclBase extends Synth::TValueDecl, Decl { - Type getImmediateInterfaceType() { - result = - Synth::convertTypeFromRaw(Synth::convertValueDeclToRaw(this) - .(Raw::ValueDecl) - .getInterfaceType()) - } +module Generated { + class ValueDecl extends Synth::TValueDecl, Decl { + Type getImmediateInterfaceType() { + result = + Synth::convertTypeFromRaw(Synth::convertValueDeclToRaw(this) + .(Raw::ValueDecl) + .getInterfaceType()) + } - final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } + final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll index c1788d6b0df..ec70e55d8fd 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll @@ -6,47 +6,49 @@ import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern import codeql.swift.elements.type.Type -class VarDeclBase extends Synth::TVarDecl, AbstractStorageDecl { - string getName() { result = Synth::convertVarDeclToRaw(this).(Raw::VarDecl).getName() } +module Generated { + class VarDecl extends Synth::TVarDecl, AbstractStorageDecl { + string getName() { result = Synth::convertVarDeclToRaw(this).(Raw::VarDecl).getName() } - Type getImmediateType() { - result = Synth::convertTypeFromRaw(Synth::convertVarDeclToRaw(this).(Raw::VarDecl).getType()) + Type getImmediateType() { + result = Synth::convertTypeFromRaw(Synth::convertVarDeclToRaw(this).(Raw::VarDecl).getType()) + } + + final Type getType() { result = getImmediateType().resolve() } + + Type getImmediateAttachedPropertyWrapperType() { + result = + Synth::convertTypeFromRaw(Synth::convertVarDeclToRaw(this) + .(Raw::VarDecl) + .getAttachedPropertyWrapperType()) + } + + final Type getAttachedPropertyWrapperType() { + result = getImmediateAttachedPropertyWrapperType().resolve() + } + + final predicate hasAttachedPropertyWrapperType() { exists(getAttachedPropertyWrapperType()) } + + Pattern getImmediateParentPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertVarDeclToRaw(this) + .(Raw::VarDecl) + .getParentPattern()) + } + + final Pattern getParentPattern() { result = getImmediateParentPattern().resolve() } + + final predicate hasParentPattern() { exists(getParentPattern()) } + + Expr getImmediateParentInitializer() { + result = + Synth::convertExprFromRaw(Synth::convertVarDeclToRaw(this) + .(Raw::VarDecl) + .getParentInitializer()) + } + + final Expr getParentInitializer() { result = getImmediateParentInitializer().resolve() } + + final predicate hasParentInitializer() { exists(getParentInitializer()) } } - - final Type getType() { result = getImmediateType().resolve() } - - Type getImmediateAttachedPropertyWrapperType() { - result = - Synth::convertTypeFromRaw(Synth::convertVarDeclToRaw(this) - .(Raw::VarDecl) - .getAttachedPropertyWrapperType()) - } - - final Type getAttachedPropertyWrapperType() { - result = getImmediateAttachedPropertyWrapperType().resolve() - } - - final predicate hasAttachedPropertyWrapperType() { exists(getAttachedPropertyWrapperType()) } - - Pattern getImmediateParentPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertVarDeclToRaw(this) - .(Raw::VarDecl) - .getParentPattern()) - } - - final Pattern getParentPattern() { result = getImmediateParentPattern().resolve() } - - final predicate hasParentPattern() { exists(getParentPattern()) } - - Expr getImmediateParentInitializer() { - result = - Synth::convertExprFromRaw(Synth::convertVarDeclToRaw(this) - .(Raw::VarDecl) - .getParentInitializer()) - } - - final Expr getParentInitializer() { result = getImmediateParentInitializer().resolve() } - - final predicate hasParentInitializer() { exists(getParentInitializer()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AbstractClosureExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AbstractClosureExpr.qll index 8c4353e513e..1865251d61d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AbstractClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AbstractClosureExpr.qll @@ -4,4 +4,6 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.Callable import codeql.swift.elements.expr.Expr -class AbstractClosureExprBase extends Synth::TAbstractClosureExpr, Expr, Callable { } +module Generated { + class AbstractClosureExpr extends Synth::TAbstractClosureExpr, Expr, Callable { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll index 76e8eaacfa3..c73c9f17553 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class AnyHashableErasureExprBase extends Synth::TAnyHashableErasureExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "AnyHashableErasureExpr" } +module Generated { + class AnyHashableErasureExpr extends Synth::TAnyHashableErasureExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "AnyHashableErasureExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll index aa2f44edd6c..2587ccf4ef4 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll @@ -3,11 +3,13 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class AnyTryExprBase extends Synth::TAnyTryExpr, Expr { - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertAnyTryExprToRaw(this).(Raw::AnyTryExpr).getSubExpr()) - } +module Generated { + class AnyTryExpr extends Synth::TAnyTryExpr, Expr { + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertAnyTryExprToRaw(this).(Raw::AnyTryExpr).getSubExpr()) + } - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll index 8fa041e5ad7..d97f087f5ea 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class AppliedPropertyWrapperExprBase extends Synth::TAppliedPropertyWrapperExpr, Expr { - override string getAPrimaryQlClass() { result = "AppliedPropertyWrapperExpr" } +module Generated { + class AppliedPropertyWrapperExpr extends Synth::TAppliedPropertyWrapperExpr, Expr { + override string getAPrimaryQlClass() { result = "AppliedPropertyWrapperExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll index 0cc7c401ec3..bf0c7adf781 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Argument import codeql.swift.elements.expr.Expr -class ApplyExprBase extends Synth::TApplyExpr, Expr { - Expr getImmediateFunction() { - result = - Synth::convertExprFromRaw(Synth::convertApplyExprToRaw(this).(Raw::ApplyExpr).getFunction()) +module Generated { + class ApplyExpr extends Synth::TApplyExpr, Expr { + Expr getImmediateFunction() { + result = + Synth::convertExprFromRaw(Synth::convertApplyExprToRaw(this).(Raw::ApplyExpr).getFunction()) + } + + final Expr getFunction() { result = getImmediateFunction().resolve() } + + Argument getImmediateArgument(int index) { + result = + Synth::convertArgumentFromRaw(Synth::convertApplyExprToRaw(this) + .(Raw::ApplyExpr) + .getArgument(index)) + } + + final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } + + final Argument getAnArgument() { result = getArgument(_) } + + final int getNumberOfArguments() { result = count(getAnArgument()) } } - - final Expr getFunction() { result = getImmediateFunction().resolve() } - - Argument getImmediateArgument(int index) { - result = - Synth::convertArgumentFromRaw(Synth::convertApplyExprToRaw(this) - .(Raw::ApplyExpr) - .getArgument(index)) - } - - final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } - - final Argument getAnArgument() { result = getArgument(_) } - - final int getNumberOfArguments() { result = count(getAnArgument()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll index 8543f7ed210..e08742167b2 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ArchetypeToSuperExprBase extends Synth::TArchetypeToSuperExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ArchetypeToSuperExpr" } +module Generated { + class ArchetypeToSuperExpr extends Synth::TArchetypeToSuperExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ArchetypeToSuperExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll index 23ad4cf1fc3..bff1265d553 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll @@ -4,14 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.Locatable -class ArgumentBase extends Synth::TArgument, Locatable { - override string getAPrimaryQlClass() { result = "Argument" } +module Generated { + class Argument extends Synth::TArgument, Locatable { + override string getAPrimaryQlClass() { result = "Argument" } - string getLabel() { result = Synth::convertArgumentToRaw(this).(Raw::Argument).getLabel() } + string getLabel() { result = Synth::convertArgumentToRaw(this).(Raw::Argument).getLabel() } - Expr getImmediateExpr() { - result = Synth::convertExprFromRaw(Synth::convertArgumentToRaw(this).(Raw::Argument).getExpr()) + Expr getImmediateExpr() { + result = + Synth::convertExprFromRaw(Synth::convertArgumentToRaw(this).(Raw::Argument).getExpr()) + } + + final Expr getExpr() { result = getImmediateExpr().resolve() } } - - final Expr getExpr() { result = getImmediateExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll index dc01fd51a0b..cfa7b5bc9e5 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.CollectionExpr import codeql.swift.elements.expr.Expr -class ArrayExprBase extends Synth::TArrayExpr, CollectionExpr { - override string getAPrimaryQlClass() { result = "ArrayExpr" } +module Generated { + class ArrayExpr extends Synth::TArrayExpr, CollectionExpr { + override string getAPrimaryQlClass() { result = "ArrayExpr" } - Expr getImmediateElement(int index) { - result = - Synth::convertExprFromRaw(Synth::convertArrayExprToRaw(this) - .(Raw::ArrayExpr) - .getElement(index)) + Expr getImmediateElement(int index) { + result = + Synth::convertExprFromRaw(Synth::convertArrayExprToRaw(this) + .(Raw::ArrayExpr) + .getElement(index)) + } + + final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + + final Expr getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } - - final Expr getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll index 6c53368d924..9189a293045 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ArrayToPointerExprBase extends Synth::TArrayToPointerExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ArrayToPointerExpr" } +module Generated { + class ArrayToPointerExpr extends Synth::TArrayToPointerExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ArrayToPointerExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrowExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrowExpr.qll index 1c902944e47..323b8fae036 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArrowExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArrowExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class ArrowExprBase extends Synth::TArrowExpr, Expr { - override string getAPrimaryQlClass() { result = "ArrowExpr" } +module Generated { + class ArrowExpr extends Synth::TArrowExpr, Expr { + override string getAPrimaryQlClass() { result = "ArrowExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll index d994276534f..ab243fe9c8b 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll @@ -3,20 +3,22 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class AssignExprBase extends Synth::TAssignExpr, Expr { - override string getAPrimaryQlClass() { result = "AssignExpr" } +module Generated { + class AssignExpr extends Synth::TAssignExpr, Expr { + override string getAPrimaryQlClass() { result = "AssignExpr" } - Expr getImmediateDest() { - result = - Synth::convertExprFromRaw(Synth::convertAssignExprToRaw(this).(Raw::AssignExpr).getDest()) + Expr getImmediateDest() { + result = + Synth::convertExprFromRaw(Synth::convertAssignExprToRaw(this).(Raw::AssignExpr).getDest()) + } + + final Expr getDest() { result = getImmediateDest().resolve() } + + Expr getImmediateSource() { + result = + Synth::convertExprFromRaw(Synth::convertAssignExprToRaw(this).(Raw::AssignExpr).getSource()) + } + + final Expr getSource() { result = getImmediateSource().resolve() } } - - final Expr getDest() { result = getImmediateDest().resolve() } - - Expr getImmediateSource() { - result = - Synth::convertExprFromRaw(Synth::convertAssignExprToRaw(this).(Raw::AssignExpr).getSource()) - } - - final Expr getSource() { result = getImmediateSource().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AutoClosureExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AutoClosureExpr.qll index bebca8f02a8..1eb3018958c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AutoClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AutoClosureExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.AbstractClosureExpr -class AutoClosureExprBase extends Synth::TAutoClosureExpr, AbstractClosureExpr { - override string getAPrimaryQlClass() { result = "AutoClosureExpr" } +module Generated { + class AutoClosureExpr extends Synth::TAutoClosureExpr, AbstractClosureExpr { + override string getAPrimaryQlClass() { result = "AutoClosureExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AwaitExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AwaitExpr.qll index 798898372f3..d4b7c1f3ade 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AwaitExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AwaitExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.IdentityExpr -class AwaitExprBase extends Synth::TAwaitExpr, IdentityExpr { - override string getAPrimaryQlClass() { result = "AwaitExpr" } +module Generated { + class AwaitExpr extends Synth::TAwaitExpr, IdentityExpr { + override string getAPrimaryQlClass() { result = "AwaitExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BinaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BinaryExpr.qll index cfe6e58ac28..6a13e33ee23 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BinaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BinaryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ApplyExpr -class BinaryExprBase extends Synth::TBinaryExpr, ApplyExpr { - override string getAPrimaryQlClass() { result = "BinaryExpr" } +module Generated { + class BinaryExpr extends Synth::TBinaryExpr, ApplyExpr { + override string getAPrimaryQlClass() { result = "BinaryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll index 6051a18eba2..694ee0bd9a6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class BindOptionalExprBase extends Synth::TBindOptionalExpr, Expr { - override string getAPrimaryQlClass() { result = "BindOptionalExpr" } +module Generated { + class BindOptionalExpr extends Synth::TBindOptionalExpr, Expr { + override string getAPrimaryQlClass() { result = "BindOptionalExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertBindOptionalExprToRaw(this) - .(Raw::BindOptionalExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertBindOptionalExprToRaw(this) + .(Raw::BindOptionalExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll index 5851375793b..dfeb8ea7e0c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll @@ -3,10 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.BuiltinLiteralExpr -class BooleanLiteralExprBase extends Synth::TBooleanLiteralExpr, BuiltinLiteralExpr { - override string getAPrimaryQlClass() { result = "BooleanLiteralExpr" } +module Generated { + class BooleanLiteralExpr extends Synth::TBooleanLiteralExpr, BuiltinLiteralExpr { + override string getAPrimaryQlClass() { result = "BooleanLiteralExpr" } - boolean getValue() { - result = Synth::convertBooleanLiteralExprToRaw(this).(Raw::BooleanLiteralExpr).getValue() + boolean getValue() { + result = Synth::convertBooleanLiteralExprToRaw(this).(Raw::BooleanLiteralExpr).getValue() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll index abbe80782bc..55780cefe6d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class BridgeFromObjCExprBase extends Synth::TBridgeFromObjCExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "BridgeFromObjCExpr" } +module Generated { + class BridgeFromObjCExpr extends Synth::TBridgeFromObjCExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "BridgeFromObjCExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll index 01b1ebda00a..6dd2a9512d1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class BridgeToObjCExprBase extends Synth::TBridgeToObjCExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "BridgeToObjCExpr" } +module Generated { + class BridgeToObjCExpr extends Synth::TBridgeToObjCExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "BridgeToObjCExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll index 336d15eea69..eec283575f3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LiteralExpr -class BuiltinLiteralExprBase extends Synth::TBuiltinLiteralExpr, LiteralExpr { } +module Generated { + class BuiltinLiteralExpr extends Synth::TBuiltinLiteralExpr, LiteralExpr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/CallExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CallExpr.qll index 3b51c27ba8f..39fda3a2005 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CallExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CallExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ApplyExpr -class CallExprBase extends Synth::TCallExpr, ApplyExpr { - override string getAPrimaryQlClass() { result = "CallExpr" } +module Generated { + class CallExpr extends Synth::TCallExpr, ApplyExpr { + override string getAPrimaryQlClass() { result = "CallExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll index 398228083c3..cadf1a8938e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll @@ -5,30 +5,32 @@ import codeql.swift.elements.expr.ClosureExpr import codeql.swift.elements.expr.Expr import codeql.swift.elements.decl.PatternBindingDecl -class CaptureListExprBase extends Synth::TCaptureListExpr, Expr { - override string getAPrimaryQlClass() { result = "CaptureListExpr" } +module Generated { + class CaptureListExpr extends Synth::TCaptureListExpr, Expr { + override string getAPrimaryQlClass() { result = "CaptureListExpr" } - PatternBindingDecl getImmediateBindingDecl(int index) { - result = - Synth::convertPatternBindingDeclFromRaw(Synth::convertCaptureListExprToRaw(this) - .(Raw::CaptureListExpr) - .getBindingDecl(index)) + PatternBindingDecl getImmediateBindingDecl(int index) { + result = + Synth::convertPatternBindingDeclFromRaw(Synth::convertCaptureListExprToRaw(this) + .(Raw::CaptureListExpr) + .getBindingDecl(index)) + } + + final PatternBindingDecl getBindingDecl(int index) { + result = getImmediateBindingDecl(index).resolve() + } + + final PatternBindingDecl getABindingDecl() { result = getBindingDecl(_) } + + final int getNumberOfBindingDecls() { result = count(getABindingDecl()) } + + ClosureExpr getImmediateClosureBody() { + result = + Synth::convertClosureExprFromRaw(Synth::convertCaptureListExprToRaw(this) + .(Raw::CaptureListExpr) + .getClosureBody()) + } + + final ClosureExpr getClosureBody() { result = getImmediateClosureBody().resolve() } } - - final PatternBindingDecl getBindingDecl(int index) { - result = getImmediateBindingDecl(index).resolve() - } - - final PatternBindingDecl getABindingDecl() { result = getBindingDecl(_) } - - final int getNumberOfBindingDecls() { result = count(getABindingDecl()) } - - ClosureExpr getImmediateClosureBody() { - result = - Synth::convertClosureExprFromRaw(Synth::convertCaptureListExprToRaw(this) - .(Raw::CaptureListExpr) - .getClosureBody()) - } - - final ClosureExpr getClosureBody() { result = getImmediateClosureBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CheckedCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CheckedCastExpr.qll index 9dc6d8f4b9b..851f39d3f53 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CheckedCastExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ExplicitCastExpr -class CheckedCastExprBase extends Synth::TCheckedCastExpr, ExplicitCastExpr { } +module Generated { + class CheckedCastExpr extends Synth::TCheckedCastExpr, ExplicitCastExpr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll index d8b9feb575b..130fa841ec8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll @@ -3,7 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ClassMetatypeToObjectExprBase extends Synth::TClassMetatypeToObjectExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ClassMetatypeToObjectExpr" } +module Generated { + class ClassMetatypeToObjectExpr extends Synth::TClassMetatypeToObjectExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ClassMetatypeToObjectExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ClosureExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ClosureExpr.qll index 881564a1d39..ca6078d07ae 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ClosureExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ClosureExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.AbstractClosureExpr -class ClosureExprBase extends Synth::TClosureExpr, AbstractClosureExpr { - override string getAPrimaryQlClass() { result = "ClosureExpr" } +module Generated { + class ClosureExpr extends Synth::TClosureExpr, AbstractClosureExpr { + override string getAPrimaryQlClass() { result = "ClosureExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CodeCompletionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CodeCompletionExpr.qll index c80f5d32d44..64eef55ca58 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CodeCompletionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CodeCompletionExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class CodeCompletionExprBase extends Synth::TCodeCompletionExpr, Expr { - override string getAPrimaryQlClass() { result = "CodeCompletionExpr" } +module Generated { + class CodeCompletionExpr extends Synth::TCodeCompletionExpr, Expr { + override string getAPrimaryQlClass() { result = "CodeCompletionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CoerceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CoerceExpr.qll index c2538d4feb3..059bb94717a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CoerceExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CoerceExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ExplicitCastExpr -class CoerceExprBase extends Synth::TCoerceExpr, ExplicitCastExpr { - override string getAPrimaryQlClass() { result = "CoerceExpr" } +module Generated { + class CoerceExpr extends Synth::TCoerceExpr, ExplicitCastExpr { + override string getAPrimaryQlClass() { result = "CoerceExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CollectionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CollectionExpr.qll index cdedb3725bc..006bd7861e7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CollectionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CollectionExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class CollectionExprBase extends Synth::TCollectionExpr, Expr { } +module Generated { + class CollectionExpr extends Synth::TCollectionExpr, Expr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/CollectionUpcastConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CollectionUpcastConversionExpr.qll index 7d8dba25fef..61a7a22fb92 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CollectionUpcastConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CollectionUpcastConversionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class CollectionUpcastConversionExprBase extends Synth::TCollectionUpcastConversionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "CollectionUpcastConversionExpr" } +module Generated { + class CollectionUpcastConversionExpr extends Synth::TCollectionUpcastConversionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "CollectionUpcastConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll index 5a3fe045d10..71ee8f22e41 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ConditionalBridgeFromObjCExprBase extends Synth::TConditionalBridgeFromObjCExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ConditionalBridgeFromObjCExpr" } +module Generated { + class ConditionalBridgeFromObjCExpr extends Synth::TConditionalBridgeFromObjCExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ConditionalBridgeFromObjCExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll index 2d95fe7be5b..0750fac5882 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.CheckedCastExpr -class ConditionalCheckedCastExprBase extends Synth::TConditionalCheckedCastExpr, CheckedCastExpr { - override string getAPrimaryQlClass() { result = "ConditionalCheckedCastExpr" } +module Generated { + class ConditionalCheckedCastExpr extends Synth::TConditionalCheckedCastExpr, CheckedCastExpr { + override string getAPrimaryQlClass() { result = "ConditionalCheckedCastExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ConstructorRefCallExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ConstructorRefCallExpr.qll index 20bc87bd88c..a118877b631 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ConstructorRefCallExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ConstructorRefCallExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.SelfApplyExpr -class ConstructorRefCallExprBase extends Synth::TConstructorRefCallExpr, SelfApplyExpr { - override string getAPrimaryQlClass() { result = "ConstructorRefCallExpr" } +module Generated { + class ConstructorRefCallExpr extends Synth::TConstructorRefCallExpr, SelfApplyExpr { + override string getAPrimaryQlClass() { result = "ConstructorRefCallExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll index 2a3622cfb03..a29bd60a7d8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class CovariantFunctionConversionExprBase extends Synth::TCovariantFunctionConversionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "CovariantFunctionConversionExpr" } +module Generated { + class CovariantFunctionConversionExpr extends Synth::TCovariantFunctionConversionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "CovariantFunctionConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll index c8a028b6083..4bc898ccb82 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class CovariantReturnConversionExprBase extends Synth::TCovariantReturnConversionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "CovariantReturnConversionExpr" } +module Generated { + class CovariantReturnConversionExpr extends Synth::TCovariantReturnConversionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "CovariantReturnConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll index b397e93a5d8..0eed7d1b3da 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll @@ -5,38 +5,42 @@ import codeql.swift.elements.decl.Decl import codeql.swift.elements.expr.Expr import codeql.swift.elements.type.Type -class DeclRefExprBase extends Synth::TDeclRefExpr, Expr { - override string getAPrimaryQlClass() { result = "DeclRefExpr" } +module Generated { + class DeclRefExpr extends Synth::TDeclRefExpr, Expr { + override string getAPrimaryQlClass() { result = "DeclRefExpr" } - Decl getImmediateDecl() { - result = - Synth::convertDeclFromRaw(Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).getDecl()) - } + Decl getImmediateDecl() { + result = + Synth::convertDeclFromRaw(Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).getDecl()) + } - final Decl getDecl() { result = getImmediateDecl().resolve() } + final Decl getDecl() { result = getImmediateDecl().resolve() } - Type getImmediateReplacementType(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertDeclRefExprToRaw(this) - .(Raw::DeclRefExpr) - .getReplacementType(index)) - } + Type getImmediateReplacementType(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertDeclRefExprToRaw(this) + .(Raw::DeclRefExpr) + .getReplacementType(index)) + } - final Type getReplacementType(int index) { result = getImmediateReplacementType(index).resolve() } + final Type getReplacementType(int index) { + result = getImmediateReplacementType(index).resolve() + } - final Type getAReplacementType() { result = getReplacementType(_) } + final Type getAReplacementType() { result = getReplacementType(_) } - final int getNumberOfReplacementTypes() { result = count(getAReplacementType()) } + final int getNumberOfReplacementTypes() { result = count(getAReplacementType()) } - predicate hasDirectToStorageSemantics() { - Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasDirectToStorageSemantics() - } + predicate hasDirectToStorageSemantics() { + Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasDirectToStorageSemantics() + } - predicate hasDirectToImplementationSemantics() { - Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasDirectToImplementationSemantics() - } + predicate hasDirectToImplementationSemantics() { + Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasDirectToImplementationSemantics() + } - predicate hasOrdinarySemantics() { - Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasOrdinarySemantics() + predicate hasOrdinarySemantics() { + Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasOrdinarySemantics() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll index 5167ef49890..240c838f3f6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll @@ -4,30 +4,33 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.decl.ParamDecl -class DefaultArgumentExprBase extends Synth::TDefaultArgumentExpr, Expr { - override string getAPrimaryQlClass() { result = "DefaultArgumentExpr" } +module Generated { + class DefaultArgumentExpr extends Synth::TDefaultArgumentExpr, Expr { + override string getAPrimaryQlClass() { result = "DefaultArgumentExpr" } - ParamDecl getImmediateParamDecl() { - result = - Synth::convertParamDeclFromRaw(Synth::convertDefaultArgumentExprToRaw(this) - .(Raw::DefaultArgumentExpr) - .getParamDecl()) + ParamDecl getImmediateParamDecl() { + result = + Synth::convertParamDeclFromRaw(Synth::convertDefaultArgumentExprToRaw(this) + .(Raw::DefaultArgumentExpr) + .getParamDecl()) + } + + final ParamDecl getParamDecl() { result = getImmediateParamDecl().resolve() } + + int getParamIndex() { + result = + Synth::convertDefaultArgumentExprToRaw(this).(Raw::DefaultArgumentExpr).getParamIndex() + } + + Expr getImmediateCallerSideDefault() { + result = + Synth::convertExprFromRaw(Synth::convertDefaultArgumentExprToRaw(this) + .(Raw::DefaultArgumentExpr) + .getCallerSideDefault()) + } + + final Expr getCallerSideDefault() { result = getImmediateCallerSideDefault().resolve() } + + final predicate hasCallerSideDefault() { exists(getCallerSideDefault()) } } - - final ParamDecl getParamDecl() { result = getImmediateParamDecl().resolve() } - - int getParamIndex() { - result = Synth::convertDefaultArgumentExprToRaw(this).(Raw::DefaultArgumentExpr).getParamIndex() - } - - Expr getImmediateCallerSideDefault() { - result = - Synth::convertExprFromRaw(Synth::convertDefaultArgumentExprToRaw(this) - .(Raw::DefaultArgumentExpr) - .getCallerSideDefault()) - } - - final Expr getCallerSideDefault() { result = getImmediateCallerSideDefault().resolve() } - - final predicate hasCallerSideDefault() { exists(getCallerSideDefault()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll index 061bab06c10..28caf849c38 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class DerivedToBaseExprBase extends Synth::TDerivedToBaseExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "DerivedToBaseExpr" } +module Generated { + class DerivedToBaseExpr extends Synth::TDerivedToBaseExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "DerivedToBaseExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DestructureTupleExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DestructureTupleExpr.qll index f3728d2ad90..8e0d9437413 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DestructureTupleExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DestructureTupleExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class DestructureTupleExprBase extends Synth::TDestructureTupleExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "DestructureTupleExpr" } +module Generated { + class DestructureTupleExpr extends Synth::TDestructureTupleExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "DestructureTupleExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll index 3ff2034fb6e..9df47038d6f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.CollectionExpr import codeql.swift.elements.expr.Expr -class DictionaryExprBase extends Synth::TDictionaryExpr, CollectionExpr { - override string getAPrimaryQlClass() { result = "DictionaryExpr" } +module Generated { + class DictionaryExpr extends Synth::TDictionaryExpr, CollectionExpr { + override string getAPrimaryQlClass() { result = "DictionaryExpr" } - Expr getImmediateElement(int index) { - result = - Synth::convertExprFromRaw(Synth::convertDictionaryExprToRaw(this) - .(Raw::DictionaryExpr) - .getElement(index)) + Expr getImmediateElement(int index) { + result = + Synth::convertExprFromRaw(Synth::convertDictionaryExprToRaw(this) + .(Raw::DictionaryExpr) + .getElement(index)) + } + + final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + + final Expr getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } - - final Expr getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll index eb441e20a23..7166a9e1e9a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class DifferentiableFunctionExprBase extends Synth::TDifferentiableFunctionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "DifferentiableFunctionExpr" } +module Generated { + class DifferentiableFunctionExpr extends Synth::TDifferentiableFunctionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "DifferentiableFunctionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll index ce088a6812a..ba00837dceb 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class DifferentiableFunctionExtractOriginalExprBase extends Synth::TDifferentiableFunctionExtractOriginalExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "DifferentiableFunctionExtractOriginalExpr" } +module Generated { + class DifferentiableFunctionExtractOriginalExpr extends Synth::TDifferentiableFunctionExtractOriginalExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "DifferentiableFunctionExtractOriginalExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll index 6ad7294f7f2..6d7e308e8d6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class DiscardAssignmentExprBase extends Synth::TDiscardAssignmentExpr, Expr { - override string getAPrimaryQlClass() { result = "DiscardAssignmentExpr" } +module Generated { + class DiscardAssignmentExpr extends Synth::TDiscardAssignmentExpr, Expr { + override string getAPrimaryQlClass() { result = "DiscardAssignmentExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DotSelfExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DotSelfExpr.qll index 2a124a3e1a3..dde94c1e317 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DotSelfExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DotSelfExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.IdentityExpr -class DotSelfExprBase extends Synth::TDotSelfExpr, IdentityExpr { - override string getAPrimaryQlClass() { result = "DotSelfExpr" } +module Generated { + class DotSelfExpr extends Synth::TDotSelfExpr, IdentityExpr { + override string getAPrimaryQlClass() { result = "DotSelfExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll index 7b25b431f1e..2fb9478e0e3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll @@ -3,24 +3,26 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class DotSyntaxBaseIgnoredExprBase extends Synth::TDotSyntaxBaseIgnoredExpr, Expr { - override string getAPrimaryQlClass() { result = "DotSyntaxBaseIgnoredExpr" } +module Generated { + class DotSyntaxBaseIgnoredExpr extends Synth::TDotSyntaxBaseIgnoredExpr, Expr { + override string getAPrimaryQlClass() { result = "DotSyntaxBaseIgnoredExpr" } - Expr getImmediateQualifier() { - result = - Synth::convertExprFromRaw(Synth::convertDotSyntaxBaseIgnoredExprToRaw(this) - .(Raw::DotSyntaxBaseIgnoredExpr) - .getQualifier()) + Expr getImmediateQualifier() { + result = + Synth::convertExprFromRaw(Synth::convertDotSyntaxBaseIgnoredExprToRaw(this) + .(Raw::DotSyntaxBaseIgnoredExpr) + .getQualifier()) + } + + final Expr getQualifier() { result = getImmediateQualifier().resolve() } + + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertDotSyntaxBaseIgnoredExprToRaw(this) + .(Raw::DotSyntaxBaseIgnoredExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getQualifier() { result = getImmediateQualifier().resolve() } - - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertDotSyntaxBaseIgnoredExprToRaw(this) - .(Raw::DotSyntaxBaseIgnoredExpr) - .getSubExpr()) - } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll index 91a5fc1a267..ba2cb92d695 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.SelfApplyExpr -class DotSyntaxCallExprBase extends Synth::TDotSyntaxCallExpr, SelfApplyExpr { - override string getAPrimaryQlClass() { result = "DotSyntaxCallExpr" } +module Generated { + class DotSyntaxCallExpr extends Synth::TDotSyntaxCallExpr, SelfApplyExpr { + override string getAPrimaryQlClass() { result = "DotSyntaxCallExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicLookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicLookupExpr.qll index a586af0c105..b6169064c7c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicLookupExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LookupExpr -class DynamicLookupExprBase extends Synth::TDynamicLookupExpr, LookupExpr { } +module Generated { + class DynamicLookupExpr extends Synth::TDynamicLookupExpr, LookupExpr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll index 3bccc148c82..7185657dc4c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.DynamicLookupExpr -class DynamicMemberRefExprBase extends Synth::TDynamicMemberRefExpr, DynamicLookupExpr { - override string getAPrimaryQlClass() { result = "DynamicMemberRefExpr" } +module Generated { + class DynamicMemberRefExpr extends Synth::TDynamicMemberRefExpr, DynamicLookupExpr { + override string getAPrimaryQlClass() { result = "DynamicMemberRefExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll index c0e295731c2..20045ff6e86 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.DynamicLookupExpr -class DynamicSubscriptExprBase extends Synth::TDynamicSubscriptExpr, DynamicLookupExpr { - override string getAPrimaryQlClass() { result = "DynamicSubscriptExpr" } +module Generated { + class DynamicSubscriptExpr extends Synth::TDynamicSubscriptExpr, DynamicLookupExpr { + override string getAPrimaryQlClass() { result = "DynamicSubscriptExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll index 0ba1907a2a9..fda839f2d75 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class DynamicTypeExprBase extends Synth::TDynamicTypeExpr, Expr { - override string getAPrimaryQlClass() { result = "DynamicTypeExpr" } +module Generated { + class DynamicTypeExpr extends Synth::TDynamicTypeExpr, Expr { + override string getAPrimaryQlClass() { result = "DynamicTypeExpr" } - Expr getImmediateBase() { - result = - Synth::convertExprFromRaw(Synth::convertDynamicTypeExprToRaw(this) - .(Raw::DynamicTypeExpr) - .getBase()) + Expr getImmediateBase() { + result = + Synth::convertExprFromRaw(Synth::convertDynamicTypeExprToRaw(this) + .(Raw::DynamicTypeExpr) + .getBase()) + } + + final Expr getBase() { result = getImmediateBase().resolve() } } - - final Expr getBase() { result = getImmediateBase().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/EditorPlaceholderExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/EditorPlaceholderExpr.qll index 48a54cfca7b..bc4f856fb7c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/EditorPlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/EditorPlaceholderExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class EditorPlaceholderExprBase extends Synth::TEditorPlaceholderExpr, Expr { - override string getAPrimaryQlClass() { result = "EditorPlaceholderExpr" } +module Generated { + class EditorPlaceholderExpr extends Synth::TEditorPlaceholderExpr, Expr { + override string getAPrimaryQlClass() { result = "EditorPlaceholderExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll index efc550c4a0f..84089b09256 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.EnumElementDecl import codeql.swift.elements.expr.Expr -class EnumIsCaseExprBase extends Synth::TEnumIsCaseExpr, Expr { - override string getAPrimaryQlClass() { result = "EnumIsCaseExpr" } +module Generated { + class EnumIsCaseExpr extends Synth::TEnumIsCaseExpr, Expr { + override string getAPrimaryQlClass() { result = "EnumIsCaseExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertEnumIsCaseExprToRaw(this) - .(Raw::EnumIsCaseExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertEnumIsCaseExprToRaw(this) + .(Raw::EnumIsCaseExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + + EnumElementDecl getImmediateElement() { + result = + Synth::convertEnumElementDeclFromRaw(Synth::convertEnumIsCaseExprToRaw(this) + .(Raw::EnumIsCaseExpr) + .getElement()) + } + + final EnumElementDecl getElement() { result = getImmediateElement().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - - EnumElementDecl getImmediateElement() { - result = - Synth::convertEnumElementDeclFromRaw(Synth::convertEnumIsCaseExprToRaw(this) - .(Raw::EnumIsCaseExpr) - .getElement()) - } - - final EnumElementDecl getElement() { result = getImmediateElement().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ErasureExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ErasureExpr.qll index cb3ae383549..e6b52a25da2 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ErasureExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ErasureExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ErasureExprBase extends Synth::TErasureExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ErasureExpr" } +module Generated { + class ErasureExpr extends Synth::TErasureExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ErasureExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll index 5de6c0b8a01..0c0ab658ba4 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class ErrorExprBase extends Synth::TErrorExpr, Expr { - override string getAPrimaryQlClass() { result = "ErrorExpr" } +module Generated { + class ErrorExpr extends Synth::TErrorExpr, Expr { + override string getAPrimaryQlClass() { result = "ErrorExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll index f4a995936e4..5d7f57cde50 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ExistentialMetatypeToObjectExprBase extends Synth::TExistentialMetatypeToObjectExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ExistentialMetatypeToObjectExpr" } +module Generated { + class ExistentialMetatypeToObjectExpr extends Synth::TExistentialMetatypeToObjectExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ExistentialMetatypeToObjectExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll index 6e2be74857f..f75b906fca4 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class ExplicitCastExprBase extends Synth::TExplicitCastExpr, Expr { - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertExplicitCastExprToRaw(this) - .(Raw::ExplicitCastExpr) - .getSubExpr()) - } +module Generated { + class ExplicitCastExpr extends Synth::TExplicitCastExpr, Expr { + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertExplicitCastExprToRaw(this) + .(Raw::ExplicitCastExpr) + .getSubExpr()) + } - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll index 29faed7e07e..fceca0769cc 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll @@ -4,12 +4,14 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.type.Type -class ExprBase extends Synth::TExpr, AstNode { - Type getImmediateType() { - result = Synth::convertTypeFromRaw(Synth::convertExprToRaw(this).(Raw::Expr).getType()) +module Generated { + class Expr extends Synth::TExpr, AstNode { + Type getImmediateType() { + result = Synth::convertTypeFromRaw(Synth::convertExprToRaw(this).(Raw::Expr).getType()) + } + + final Type getType() { result = getImmediateType().resolve() } + + final predicate hasType() { exists(getType()) } } - - final Type getType() { result = getImmediateType().resolve() } - - final predicate hasType() { exists(getType()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/FloatLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/FloatLiteralExpr.qll index f5f8b4abd51..7fcfeb89889 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/FloatLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/FloatLiteralExpr.qll @@ -3,10 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.NumberLiteralExpr -class FloatLiteralExprBase extends Synth::TFloatLiteralExpr, NumberLiteralExpr { - override string getAPrimaryQlClass() { result = "FloatLiteralExpr" } +module Generated { + class FloatLiteralExpr extends Synth::TFloatLiteralExpr, NumberLiteralExpr { + override string getAPrimaryQlClass() { result = "FloatLiteralExpr" } - string getStringValue() { - result = Synth::convertFloatLiteralExprToRaw(this).(Raw::FloatLiteralExpr).getStringValue() + string getStringValue() { + result = Synth::convertFloatLiteralExprToRaw(this).(Raw::FloatLiteralExpr).getStringValue() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForceTryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForceTryExpr.qll index 5958cf6f7f4..c22a7792a0d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForceTryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForceTryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.AnyTryExpr -class ForceTryExprBase extends Synth::TForceTryExpr, AnyTryExpr { - override string getAPrimaryQlClass() { result = "ForceTryExpr" } +module Generated { + class ForceTryExpr extends Synth::TForceTryExpr, AnyTryExpr { + override string getAPrimaryQlClass() { result = "ForceTryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll index 2f6d70015fc..19260223257 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class ForceValueExprBase extends Synth::TForceValueExpr, Expr { - override string getAPrimaryQlClass() { result = "ForceValueExpr" } +module Generated { + class ForceValueExpr extends Synth::TForceValueExpr, Expr { + override string getAPrimaryQlClass() { result = "ForceValueExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertForceValueExprToRaw(this) - .(Raw::ForceValueExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertForceValueExprToRaw(this) + .(Raw::ForceValueExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll index 2a4824133eb..5553f99516e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.CheckedCastExpr -class ForcedCheckedCastExprBase extends Synth::TForcedCheckedCastExpr, CheckedCastExpr { - override string getAPrimaryQlClass() { result = "ForcedCheckedCastExpr" } +module Generated { + class ForcedCheckedCastExpr extends Synth::TForcedCheckedCastExpr, CheckedCastExpr { + override string getAPrimaryQlClass() { result = "ForcedCheckedCastExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll index d79cd67f064..67b9a587651 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ForeignObjectConversionExprBase extends Synth::TForeignObjectConversionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ForeignObjectConversionExpr" } +module Generated { + class ForeignObjectConversionExpr extends Synth::TForeignObjectConversionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ForeignObjectConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/FunctionConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/FunctionConversionExpr.qll index 6352a6e595f..d76823d6b3d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/FunctionConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/FunctionConversionExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class FunctionConversionExprBase extends Synth::TFunctionConversionExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "FunctionConversionExpr" } +module Generated { + class FunctionConversionExpr extends Synth::TFunctionConversionExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "FunctionConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll index 361ba08d2e6..a9b8209b1ac 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class IdentityExprBase extends Synth::TIdentityExpr, Expr { - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertIdentityExprToRaw(this) - .(Raw::IdentityExpr) - .getSubExpr()) - } +module Generated { + class IdentityExpr extends Synth::TIdentityExpr, Expr { + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertIdentityExprToRaw(this) + .(Raw::IdentityExpr) + .getSubExpr()) + } - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll index 979d98a9fc7..c43ba69305d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll @@ -3,24 +3,29 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class IfExprBase extends Synth::TIfExpr, Expr { - override string getAPrimaryQlClass() { result = "IfExpr" } +module Generated { + class IfExpr extends Synth::TIfExpr, Expr { + override string getAPrimaryQlClass() { result = "IfExpr" } - Expr getImmediateCondition() { - result = Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getCondition()) + Expr getImmediateCondition() { + result = + Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getCondition()) + } + + final Expr getCondition() { result = getImmediateCondition().resolve() } + + Expr getImmediateThenExpr() { + result = + Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getThenExpr()) + } + + final Expr getThenExpr() { result = getImmediateThenExpr().resolve() } + + Expr getImmediateElseExpr() { + result = + Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getElseExpr()) + } + + final Expr getElseExpr() { result = getImmediateElseExpr().resolve() } } - - final Expr getCondition() { result = getImmediateCondition().resolve() } - - Expr getImmediateThenExpr() { - result = Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getThenExpr()) - } - - final Expr getThenExpr() { result = getImmediateThenExpr().resolve() } - - Expr getImmediateElseExpr() { - result = Synth::convertExprFromRaw(Synth::convertIfExprToRaw(this).(Raw::IfExpr).getElseExpr()) - } - - final Expr getElseExpr() { result = getImmediateElseExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll index a02da4b8d31..40cdb7ef900 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class ImplicitConversionExprBase extends Synth::TImplicitConversionExpr, Expr { - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertImplicitConversionExprToRaw(this) - .(Raw::ImplicitConversionExpr) - .getSubExpr()) - } +module Generated { + class ImplicitConversionExpr extends Synth::TImplicitConversionExpr, Expr { + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertImplicitConversionExprToRaw(this) + .(Raw::ImplicitConversionExpr) + .getSubExpr()) + } - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll index 0242062315c..1eed11458bf 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class InOutExprBase extends Synth::TInOutExpr, Expr { - override string getAPrimaryQlClass() { result = "InOutExpr" } +module Generated { + class InOutExpr extends Synth::TInOutExpr, Expr { + override string getAPrimaryQlClass() { result = "InOutExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertInOutExprToRaw(this).(Raw::InOutExpr).getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertInOutExprToRaw(this).(Raw::InOutExpr).getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InOutToPointerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InOutToPointerExpr.qll index 120503ef256..2c30f9b0016 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InOutToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InOutToPointerExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class InOutToPointerExprBase extends Synth::TInOutToPointerExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "InOutToPointerExpr" } +module Generated { + class InOutToPointerExpr extends Synth::TInOutToPointerExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "InOutToPointerExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll index 8aa55e774a7..8ea0773a177 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class InjectIntoOptionalExprBase extends Synth::TInjectIntoOptionalExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "InjectIntoOptionalExpr" } +module Generated { + class InjectIntoOptionalExpr extends Synth::TInjectIntoOptionalExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "InjectIntoOptionalExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll index b6b7a0bbcff..e20c8622a45 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll @@ -3,10 +3,13 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.NumberLiteralExpr -class IntegerLiteralExprBase extends Synth::TIntegerLiteralExpr, NumberLiteralExpr { - override string getAPrimaryQlClass() { result = "IntegerLiteralExpr" } +module Generated { + class IntegerLiteralExpr extends Synth::TIntegerLiteralExpr, NumberLiteralExpr { + override string getAPrimaryQlClass() { result = "IntegerLiteralExpr" } - string getStringValue() { - result = Synth::convertIntegerLiteralExprToRaw(this).(Raw::IntegerLiteralExpr).getStringValue() + string getStringValue() { + result = + Synth::convertIntegerLiteralExprToRaw(this).(Raw::IntegerLiteralExpr).getStringValue() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll index 0eed4c2f02c..b9aa103e0d9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll @@ -6,52 +6,56 @@ import codeql.swift.elements.expr.LiteralExpr import codeql.swift.elements.expr.OpaqueValueExpr import codeql.swift.elements.expr.TapExpr -class InterpolatedStringLiteralExprBase extends Synth::TInterpolatedStringLiteralExpr, LiteralExpr { - override string getAPrimaryQlClass() { result = "InterpolatedStringLiteralExpr" } +module Generated { + class InterpolatedStringLiteralExpr extends Synth::TInterpolatedStringLiteralExpr, LiteralExpr { + override string getAPrimaryQlClass() { result = "InterpolatedStringLiteralExpr" } - OpaqueValueExpr getImmediateInterpolationExpr() { - result = - Synth::convertOpaqueValueExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getInterpolationExpr()) + OpaqueValueExpr getImmediateInterpolationExpr() { + result = + Synth::convertOpaqueValueExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) + .(Raw::InterpolatedStringLiteralExpr) + .getInterpolationExpr()) + } + + final OpaqueValueExpr getInterpolationExpr() { + result = getImmediateInterpolationExpr().resolve() + } + + final predicate hasInterpolationExpr() { exists(getInterpolationExpr()) } + + Expr getImmediateInterpolationCountExpr() { + result = + Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) + .(Raw::InterpolatedStringLiteralExpr) + .getInterpolationCountExpr()) + } + + final Expr getInterpolationCountExpr() { + result = getImmediateInterpolationCountExpr().resolve() + } + + final predicate hasInterpolationCountExpr() { exists(getInterpolationCountExpr()) } + + Expr getImmediateLiteralCapacityExpr() { + result = + Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) + .(Raw::InterpolatedStringLiteralExpr) + .getLiteralCapacityExpr()) + } + + final Expr getLiteralCapacityExpr() { result = getImmediateLiteralCapacityExpr().resolve() } + + final predicate hasLiteralCapacityExpr() { exists(getLiteralCapacityExpr()) } + + TapExpr getImmediateAppendingExpr() { + result = + Synth::convertTapExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) + .(Raw::InterpolatedStringLiteralExpr) + .getAppendingExpr()) + } + + final TapExpr getAppendingExpr() { result = getImmediateAppendingExpr().resolve() } + + final predicate hasAppendingExpr() { exists(getAppendingExpr()) } } - - final OpaqueValueExpr getInterpolationExpr() { - result = getImmediateInterpolationExpr().resolve() - } - - final predicate hasInterpolationExpr() { exists(getInterpolationExpr()) } - - Expr getImmediateInterpolationCountExpr() { - result = - Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getInterpolationCountExpr()) - } - - final Expr getInterpolationCountExpr() { result = getImmediateInterpolationCountExpr().resolve() } - - final predicate hasInterpolationCountExpr() { exists(getInterpolationCountExpr()) } - - Expr getImmediateLiteralCapacityExpr() { - result = - Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getLiteralCapacityExpr()) - } - - final Expr getLiteralCapacityExpr() { result = getImmediateLiteralCapacityExpr().resolve() } - - final predicate hasLiteralCapacityExpr() { exists(getLiteralCapacityExpr()) } - - TapExpr getImmediateAppendingExpr() { - result = - Synth::convertTapExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getAppendingExpr()) - } - - final TapExpr getAppendingExpr() { result = getImmediateAppendingExpr().resolve() } - - final predicate hasAppendingExpr() { exists(getAppendingExpr()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IsExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IsExpr.qll index 252c098c805..21008dcc2cf 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IsExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IsExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.CheckedCastExpr -class IsExprBase extends Synth::TIsExpr, CheckedCastExpr { - override string getAPrimaryQlClass() { result = "IsExpr" } +module Generated { + class IsExpr extends Synth::TIsExpr, CheckedCastExpr { + override string getAPrimaryQlClass() { result = "IsExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll index f72a41b96c4..2f61e5c08b1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll @@ -3,24 +3,26 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class KeyPathApplicationExprBase extends Synth::TKeyPathApplicationExpr, Expr { - override string getAPrimaryQlClass() { result = "KeyPathApplicationExpr" } +module Generated { + class KeyPathApplicationExpr extends Synth::TKeyPathApplicationExpr, Expr { + override string getAPrimaryQlClass() { result = "KeyPathApplicationExpr" } - Expr getImmediateBase() { - result = - Synth::convertExprFromRaw(Synth::convertKeyPathApplicationExprToRaw(this) - .(Raw::KeyPathApplicationExpr) - .getBase()) + Expr getImmediateBase() { + result = + Synth::convertExprFromRaw(Synth::convertKeyPathApplicationExprToRaw(this) + .(Raw::KeyPathApplicationExpr) + .getBase()) + } + + final Expr getBase() { result = getImmediateBase().resolve() } + + Expr getImmediateKeyPath() { + result = + Synth::convertExprFromRaw(Synth::convertKeyPathApplicationExprToRaw(this) + .(Raw::KeyPathApplicationExpr) + .getKeyPath()) + } + + final Expr getKeyPath() { result = getImmediateKeyPath().resolve() } } - - final Expr getBase() { result = getImmediateBase().resolve() } - - Expr getImmediateKeyPath() { - result = - Synth::convertExprFromRaw(Synth::convertKeyPathApplicationExprToRaw(this) - .(Raw::KeyPathApplicationExpr) - .getKeyPath()) - } - - final Expr getKeyPath() { result = getImmediateKeyPath().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathDotExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathDotExpr.qll index 92dea5afa3b..d0e7c74f163 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathDotExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathDotExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class KeyPathDotExprBase extends Synth::TKeyPathDotExpr, Expr { - override string getAPrimaryQlClass() { result = "KeyPathDotExpr" } +module Generated { + class KeyPathDotExpr extends Synth::TKeyPathDotExpr, Expr { + override string getAPrimaryQlClass() { result = "KeyPathDotExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll index 6271eedc133..c977264238d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll @@ -4,28 +4,30 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.type.TypeRepr -class KeyPathExprBase extends Synth::TKeyPathExpr, Expr { - override string getAPrimaryQlClass() { result = "KeyPathExpr" } +module Generated { + class KeyPathExpr extends Synth::TKeyPathExpr, Expr { + override string getAPrimaryQlClass() { result = "KeyPathExpr" } - TypeRepr getImmediateRoot() { - result = - Synth::convertTypeReprFromRaw(Synth::convertKeyPathExprToRaw(this) - .(Raw::KeyPathExpr) - .getRoot()) + TypeRepr getImmediateRoot() { + result = + Synth::convertTypeReprFromRaw(Synth::convertKeyPathExprToRaw(this) + .(Raw::KeyPathExpr) + .getRoot()) + } + + final TypeRepr getRoot() { result = getImmediateRoot().resolve() } + + final predicate hasRoot() { exists(getRoot()) } + + Expr getImmediateParsedPath() { + result = + Synth::convertExprFromRaw(Synth::convertKeyPathExprToRaw(this) + .(Raw::KeyPathExpr) + .getParsedPath()) + } + + final Expr getParsedPath() { result = getImmediateParsedPath().resolve() } + + final predicate hasParsedPath() { exists(getParsedPath()) } } - - final TypeRepr getRoot() { result = getImmediateRoot().resolve() } - - final predicate hasRoot() { exists(getRoot()) } - - Expr getImmediateParsedPath() { - result = - Synth::convertExprFromRaw(Synth::convertKeyPathExprToRaw(this) - .(Raw::KeyPathExpr) - .getParsedPath()) - } - - final Expr getParsedPath() { result = getImmediateParsedPath().resolve() } - - final predicate hasParsedPath() { exists(getParsedPath()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializerExpr.qll index beada0f3b05..e4e1b0c4726 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializerExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class LazyInitializerExprBase extends Synth::TLazyInitializerExpr, Expr { - override string getAPrimaryQlClass() { result = "LazyInitializerExpr" } +module Generated { + class LazyInitializerExpr extends Synth::TLazyInitializerExpr, Expr { + override string getAPrimaryQlClass() { result = "LazyInitializerExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertLazyInitializerExprToRaw(this) - .(Raw::LazyInitializerExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertLazyInitializerExprToRaw(this) + .(Raw::LazyInitializerExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExpr.qll index 9d820bb1e0a..241b9b769d7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class LinearFunctionExprBase extends Synth::TLinearFunctionExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "LinearFunctionExpr" } +module Generated { + class LinearFunctionExpr extends Synth::TLinearFunctionExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "LinearFunctionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll index c743f26d348..c4b0cfcac6f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class LinearFunctionExtractOriginalExprBase extends Synth::TLinearFunctionExtractOriginalExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "LinearFunctionExtractOriginalExpr" } +module Generated { + class LinearFunctionExtractOriginalExpr extends Synth::TLinearFunctionExtractOriginalExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "LinearFunctionExtractOriginalExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll index 93c130c411c..2ade2216be7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class LinearToDifferentiableFunctionExprBase extends Synth::TLinearToDifferentiableFunctionExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "LinearToDifferentiableFunctionExpr" } +module Generated { + class LinearToDifferentiableFunctionExpr extends Synth::TLinearToDifferentiableFunctionExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "LinearToDifferentiableFunctionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LiteralExpr.qll index 7ee4b60c763..5bfc9b21f03 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LiteralExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class LiteralExprBase extends Synth::TLiteralExpr, Expr { } +module Generated { + class LiteralExpr extends Synth::TLiteralExpr, Expr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/LoadExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LoadExpr.qll index 3efed3ac23e..5b59d7a6555 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LoadExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LoadExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class LoadExprBase extends Synth::TLoadExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "LoadExpr" } +module Generated { + class LoadExpr extends Synth::TLoadExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "LoadExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll index 30668251d85..011ebd8347f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll @@ -4,20 +4,22 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl import codeql.swift.elements.expr.Expr -class LookupExprBase extends Synth::TLookupExpr, Expr { - Expr getImmediateBase() { - result = - Synth::convertExprFromRaw(Synth::convertLookupExprToRaw(this).(Raw::LookupExpr).getBase()) +module Generated { + class LookupExpr extends Synth::TLookupExpr, Expr { + Expr getImmediateBase() { + result = + Synth::convertExprFromRaw(Synth::convertLookupExprToRaw(this).(Raw::LookupExpr).getBase()) + } + + final Expr getBase() { result = getImmediateBase().resolve() } + + Decl getImmediateMember() { + result = + Synth::convertDeclFromRaw(Synth::convertLookupExprToRaw(this).(Raw::LookupExpr).getMember()) + } + + final Decl getMember() { result = getImmediateMember().resolve() } + + final predicate hasMember() { exists(getMember()) } } - - final Expr getBase() { result = getImmediateBase().resolve() } - - Decl getImmediateMember() { - result = - Synth::convertDeclFromRaw(Synth::convertLookupExprToRaw(this).(Raw::LookupExpr).getMember()) - } - - final Decl getMember() { result = getImmediateMember().resolve() } - - final predicate hasMember() { exists(getMember()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll index 5c15dc4f9b3..be81d0e4344 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.BuiltinLiteralExpr -class MagicIdentifierLiteralExprBase extends Synth::TMagicIdentifierLiteralExpr, BuiltinLiteralExpr { - override string getAPrimaryQlClass() { result = "MagicIdentifierLiteralExpr" } +module Generated { + class MagicIdentifierLiteralExpr extends Synth::TMagicIdentifierLiteralExpr, BuiltinLiteralExpr { + override string getAPrimaryQlClass() { result = "MagicIdentifierLiteralExpr" } - string getKind() { - result = - Synth::convertMagicIdentifierLiteralExprToRaw(this) - .(Raw::MagicIdentifierLiteralExpr) - .getKind() + string getKind() { + result = + Synth::convertMagicIdentifierLiteralExprToRaw(this) + .(Raw::MagicIdentifierLiteralExpr) + .getKind() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll index aa584160d84..2b3c8f084b7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll @@ -4,33 +4,35 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.expr.OpaqueValueExpr -class MakeTemporarilyEscapableExprBase extends Synth::TMakeTemporarilyEscapableExpr, Expr { - override string getAPrimaryQlClass() { result = "MakeTemporarilyEscapableExpr" } +module Generated { + class MakeTemporarilyEscapableExpr extends Synth::TMakeTemporarilyEscapableExpr, Expr { + override string getAPrimaryQlClass() { result = "MakeTemporarilyEscapableExpr" } - OpaqueValueExpr getImmediateEscapingClosure() { - result = - Synth::convertOpaqueValueExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) - .(Raw::MakeTemporarilyEscapableExpr) - .getEscapingClosure()) + OpaqueValueExpr getImmediateEscapingClosure() { + result = + Synth::convertOpaqueValueExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) + .(Raw::MakeTemporarilyEscapableExpr) + .getEscapingClosure()) + } + + final OpaqueValueExpr getEscapingClosure() { result = getImmediateEscapingClosure().resolve() } + + Expr getImmediateNonescapingClosure() { + result = + Synth::convertExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) + .(Raw::MakeTemporarilyEscapableExpr) + .getNonescapingClosure()) + } + + final Expr getNonescapingClosure() { result = getImmediateNonescapingClosure().resolve() } + + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) + .(Raw::MakeTemporarilyEscapableExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final OpaqueValueExpr getEscapingClosure() { result = getImmediateEscapingClosure().resolve() } - - Expr getImmediateNonescapingClosure() { - result = - Synth::convertExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) - .(Raw::MakeTemporarilyEscapableExpr) - .getNonescapingClosure()) - } - - final Expr getNonescapingClosure() { result = getImmediateNonescapingClosure().resolve() } - - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertMakeTemporarilyEscapableExprToRaw(this) - .(Raw::MakeTemporarilyEscapableExpr) - .getSubExpr()) - } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll index 44007f17546..fd92f1f22cb 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll @@ -3,18 +3,22 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LookupExpr -class MemberRefExprBase extends Synth::TMemberRefExpr, LookupExpr { - override string getAPrimaryQlClass() { result = "MemberRefExpr" } +module Generated { + class MemberRefExpr extends Synth::TMemberRefExpr, LookupExpr { + override string getAPrimaryQlClass() { result = "MemberRefExpr" } - predicate hasDirectToStorageSemantics() { - Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasDirectToStorageSemantics() - } + predicate hasDirectToStorageSemantics() { + Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasDirectToStorageSemantics() + } - predicate hasDirectToImplementationSemantics() { - Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasDirectToImplementationSemantics() - } + predicate hasDirectToImplementationSemantics() { + Synth::convertMemberRefExprToRaw(this) + .(Raw::MemberRefExpr) + .hasDirectToImplementationSemantics() + } - predicate hasOrdinarySemantics() { - Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasOrdinarySemantics() + predicate hasOrdinarySemantics() { + Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasOrdinarySemantics() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll index f5fa51beac3..9f474195828 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class MetatypeConversionExprBase extends Synth::TMetatypeConversionExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "MetatypeConversionExpr" } +module Generated { + class MetatypeConversionExpr extends Synth::TMetatypeConversionExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "MetatypeConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MethodRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MethodRefExpr.qll index 859cda871a6..aff65f89db8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MethodRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MethodRefExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LookupExpr -class MethodRefExprBase extends Synth::TMethodRefExpr, LookupExpr { - override string getAPrimaryQlClass() { result = "MethodRefExpr" } +module Generated { + class MethodRefExpr extends Synth::TMethodRefExpr, LookupExpr { + override string getAPrimaryQlClass() { result = "MethodRefExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/NilLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/NilLiteralExpr.qll index 56004817aed..744632fd4d3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/NilLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/NilLiteralExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LiteralExpr -class NilLiteralExprBase extends Synth::TNilLiteralExpr, LiteralExpr { - override string getAPrimaryQlClass() { result = "NilLiteralExpr" } +module Generated { + class NilLiteralExpr extends Synth::TNilLiteralExpr, LiteralExpr { + override string getAPrimaryQlClass() { result = "NilLiteralExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/NumberLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/NumberLiteralExpr.qll index 5a4550e33dd..e4f54bdf2e1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/NumberLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/NumberLiteralExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.BuiltinLiteralExpr -class NumberLiteralExprBase extends Synth::TNumberLiteralExpr, BuiltinLiteralExpr { } +module Generated { + class NumberLiteralExpr extends Synth::TNumberLiteralExpr, BuiltinLiteralExpr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll index 2d359f0f7e7..9cf7a3952c2 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AbstractFunctionDecl import codeql.swift.elements.expr.Expr -class ObjCSelectorExprBase extends Synth::TObjCSelectorExpr, Expr { - override string getAPrimaryQlClass() { result = "ObjCSelectorExpr" } +module Generated { + class ObjCSelectorExpr extends Synth::TObjCSelectorExpr, Expr { + override string getAPrimaryQlClass() { result = "ObjCSelectorExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertObjCSelectorExprToRaw(this) - .(Raw::ObjCSelectorExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertObjCSelectorExprToRaw(this) + .(Raw::ObjCSelectorExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + + AbstractFunctionDecl getImmediateMethod() { + result = + Synth::convertAbstractFunctionDeclFromRaw(Synth::convertObjCSelectorExprToRaw(this) + .(Raw::ObjCSelectorExpr) + .getMethod()) + } + + final AbstractFunctionDecl getMethod() { result = getImmediateMethod().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - - AbstractFunctionDecl getImmediateMethod() { - result = - Synth::convertAbstractFunctionDeclFromRaw(Synth::convertObjCSelectorExprToRaw(this) - .(Raw::ObjCSelectorExpr) - .getMethod()) - } - - final AbstractFunctionDecl getMethod() { result = getImmediateMethod().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll index 3905a666d58..f24676f7db4 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LiteralExpr -class ObjectLiteralExprBase extends Synth::TObjectLiteralExpr, LiteralExpr { - override string getAPrimaryQlClass() { result = "ObjectLiteralExpr" } +module Generated { + class ObjectLiteralExpr extends Synth::TObjectLiteralExpr, LiteralExpr { + override string getAPrimaryQlClass() { result = "ObjectLiteralExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll index e04c5097176..dbda0a416ac 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class OneWayExprBase extends Synth::TOneWayExpr, Expr { - override string getAPrimaryQlClass() { result = "OneWayExpr" } +module Generated { + class OneWayExpr extends Synth::TOneWayExpr, Expr { + override string getAPrimaryQlClass() { result = "OneWayExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertOneWayExprToRaw(this).(Raw::OneWayExpr).getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertOneWayExprToRaw(this).(Raw::OneWayExpr).getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OpaqueValueExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OpaqueValueExpr.qll index 57ab5506d7f..69ee4df0e19 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OpaqueValueExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OpaqueValueExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class OpaqueValueExprBase extends Synth::TOpaqueValueExpr, Expr { - override string getAPrimaryQlClass() { result = "OpaqueValueExpr" } +module Generated { + class OpaqueValueExpr extends Synth::TOpaqueValueExpr, Expr { + override string getAPrimaryQlClass() { result = "OpaqueValueExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll index 73c12fd5ecd..55dc5b7b721 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll @@ -4,33 +4,35 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.expr.OpaqueValueExpr -class OpenExistentialExprBase extends Synth::TOpenExistentialExpr, Expr { - override string getAPrimaryQlClass() { result = "OpenExistentialExpr" } +module Generated { + class OpenExistentialExpr extends Synth::TOpenExistentialExpr, Expr { + override string getAPrimaryQlClass() { result = "OpenExistentialExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) - .(Raw::OpenExistentialExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) + .(Raw::OpenExistentialExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + + Expr getImmediateExistential() { + result = + Synth::convertExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) + .(Raw::OpenExistentialExpr) + .getExistential()) + } + + final Expr getExistential() { result = getImmediateExistential().resolve() } + + OpaqueValueExpr getImmediateOpaqueExpr() { + result = + Synth::convertOpaqueValueExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) + .(Raw::OpenExistentialExpr) + .getOpaqueExpr()) + } + + final OpaqueValueExpr getOpaqueExpr() { result = getImmediateOpaqueExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - - Expr getImmediateExistential() { - result = - Synth::convertExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) - .(Raw::OpenExistentialExpr) - .getExistential()) - } - - final Expr getExistential() { result = getImmediateExistential().resolve() } - - OpaqueValueExpr getImmediateOpaqueExpr() { - result = - Synth::convertOpaqueValueExprFromRaw(Synth::convertOpenExistentialExprToRaw(this) - .(Raw::OpenExistentialExpr) - .getOpaqueExpr()) - } - - final OpaqueValueExpr getOpaqueExpr() { result = getImmediateOpaqueExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll index cf4ca868e03..7e23a719f5e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class OptionalEvaluationExprBase extends Synth::TOptionalEvaluationExpr, Expr { - override string getAPrimaryQlClass() { result = "OptionalEvaluationExpr" } +module Generated { + class OptionalEvaluationExpr extends Synth::TOptionalEvaluationExpr, Expr { + override string getAPrimaryQlClass() { result = "OptionalEvaluationExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertOptionalEvaluationExprToRaw(this) - .(Raw::OptionalEvaluationExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertOptionalEvaluationExprToRaw(this) + .(Raw::OptionalEvaluationExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OptionalTryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OptionalTryExpr.qll index 3d10e1d7822..dba52cad249 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OptionalTryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OptionalTryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.AnyTryExpr -class OptionalTryExprBase extends Synth::TOptionalTryExpr, AnyTryExpr { - override string getAPrimaryQlClass() { result = "OptionalTryExpr" } +module Generated { + class OptionalTryExpr extends Synth::TOptionalTryExpr, AnyTryExpr { + override string getAPrimaryQlClass() { result = "OptionalTryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OtherConstructorDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OtherConstructorDeclRefExpr.qll index b80d3fab2fa..6f826ca5ba8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OtherConstructorDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OtherConstructorDeclRefExpr.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.ConstructorDecl import codeql.swift.elements.expr.Expr -class OtherConstructorDeclRefExprBase extends Synth::TOtherConstructorDeclRefExpr, Expr { - override string getAPrimaryQlClass() { result = "OtherConstructorDeclRefExpr" } +module Generated { + class OtherConstructorDeclRefExpr extends Synth::TOtherConstructorDeclRefExpr, Expr { + override string getAPrimaryQlClass() { result = "OtherConstructorDeclRefExpr" } - ConstructorDecl getImmediateConstructorDecl() { - result = - Synth::convertConstructorDeclFromRaw(Synth::convertOtherConstructorDeclRefExprToRaw(this) - .(Raw::OtherConstructorDeclRefExpr) - .getConstructorDecl()) + ConstructorDecl getImmediateConstructorDecl() { + result = + Synth::convertConstructorDeclFromRaw(Synth::convertOtherConstructorDeclRefExprToRaw(this) + .(Raw::OtherConstructorDeclRefExpr) + .getConstructorDecl()) + } + + final ConstructorDecl getConstructorDecl() { result = getImmediateConstructorDecl().resolve() } } - - final ConstructorDecl getConstructorDecl() { result = getImmediateConstructorDecl().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadSetRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadSetRefExpr.qll index df5c60f75cf..5ea4be250a7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OverloadSetRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadSetRefExpr.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class OverloadSetRefExprBase extends Synth::TOverloadSetRefExpr, Expr { } +module Generated { + class OverloadSetRefExpr extends Synth::TOverloadSetRefExpr, Expr { } +} diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll index 5e39d0c27e1..b8c35e5aab7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.OverloadSetRefExpr -class OverloadedDeclRefExprBase extends Synth::TOverloadedDeclRefExpr, OverloadSetRefExpr { - override string getAPrimaryQlClass() { result = "OverloadedDeclRefExpr" } +module Generated { + class OverloadedDeclRefExpr extends Synth::TOverloadedDeclRefExpr, OverloadSetRefExpr { + override string getAPrimaryQlClass() { result = "OverloadedDeclRefExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PackExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PackExpr.qll index cb871529b0c..039585e7e8e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PackExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PackExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class PackExprBase extends Synth::TPackExpr, Expr { - override string getAPrimaryQlClass() { result = "PackExpr" } +module Generated { + class PackExpr extends Synth::TPackExpr, Expr { + override string getAPrimaryQlClass() { result = "PackExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ParenExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ParenExpr.qll index 8e77ded72f6..9d14cedb26f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ParenExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ParenExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.IdentityExpr -class ParenExprBase extends Synth::TParenExpr, IdentityExpr { - override string getAPrimaryQlClass() { result = "ParenExpr" } +module Generated { + class ParenExpr extends Synth::TParenExpr, IdentityExpr { + override string getAPrimaryQlClass() { result = "ParenExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll index 483114d704e..84624db1bb0 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class PointerToPointerExprBase extends Synth::TPointerToPointerExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "PointerToPointerExpr" } +module Generated { + class PointerToPointerExpr extends Synth::TPointerToPointerExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "PointerToPointerExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll index 8d927800af5..9b4c922a3d3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ApplyExpr -class PostfixUnaryExprBase extends Synth::TPostfixUnaryExpr, ApplyExpr { - override string getAPrimaryQlClass() { result = "PostfixUnaryExpr" } +module Generated { + class PostfixUnaryExpr extends Synth::TPostfixUnaryExpr, ApplyExpr { + override string getAPrimaryQlClass() { result = "PostfixUnaryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll index 1b411dda46e..036a0e12040 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ApplyExpr -class PrefixUnaryExprBase extends Synth::TPrefixUnaryExpr, ApplyExpr { - override string getAPrimaryQlClass() { result = "PrefixUnaryExpr" } +module Generated { + class PrefixUnaryExpr extends Synth::TPrefixUnaryExpr, ApplyExpr { + override string getAPrimaryQlClass() { result = "PrefixUnaryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll index 587a51d00a3..6b89831ee99 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class PropertyWrapperValuePlaceholderExprBase extends Synth::TPropertyWrapperValuePlaceholderExpr, - Expr { - override string getAPrimaryQlClass() { result = "PropertyWrapperValuePlaceholderExpr" } +module Generated { + class PropertyWrapperValuePlaceholderExpr extends Synth::TPropertyWrapperValuePlaceholderExpr, + Expr { + override string getAPrimaryQlClass() { result = "PropertyWrapperValuePlaceholderExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll index de84f05009f..18a2999a736 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ProtocolMetatypeToObjectExprBase extends Synth::TProtocolMetatypeToObjectExpr, - ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ProtocolMetatypeToObjectExpr" } +module Generated { + class ProtocolMetatypeToObjectExpr extends Synth::TProtocolMetatypeToObjectExpr, + ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ProtocolMetatypeToObjectExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInConstructorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInConstructorExpr.qll index 873212cd35d..cfc94664fb9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInConstructorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInConstructorExpr.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.decl.VarDecl -class RebindSelfInConstructorExprBase extends Synth::TRebindSelfInConstructorExpr, Expr { - override string getAPrimaryQlClass() { result = "RebindSelfInConstructorExpr" } +module Generated { + class RebindSelfInConstructorExpr extends Synth::TRebindSelfInConstructorExpr, Expr { + override string getAPrimaryQlClass() { result = "RebindSelfInConstructorExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertRebindSelfInConstructorExprToRaw(this) - .(Raw::RebindSelfInConstructorExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertRebindSelfInConstructorExprToRaw(this) + .(Raw::RebindSelfInConstructorExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + + VarDecl getImmediateSelf() { + result = + Synth::convertVarDeclFromRaw(Synth::convertRebindSelfInConstructorExprToRaw(this) + .(Raw::RebindSelfInConstructorExpr) + .getSelf()) + } + + final VarDecl getSelf() { result = getImmediateSelf().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - - VarDecl getImmediateSelf() { - result = - Synth::convertVarDeclFromRaw(Synth::convertRebindSelfInConstructorExprToRaw(this) - .(Raw::RebindSelfInConstructorExpr) - .getSelf()) - } - - final VarDecl getSelf() { result = getImmediateSelf().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/RegexLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/RegexLiteralExpr.qll index f4e31a45347..47728a30703 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/RegexLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/RegexLiteralExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.LiteralExpr -class RegexLiteralExprBase extends Synth::TRegexLiteralExpr, LiteralExpr { - override string getAPrimaryQlClass() { result = "RegexLiteralExpr" } +module Generated { + class RegexLiteralExpr extends Synth::TRegexLiteralExpr, LiteralExpr { + override string getAPrimaryQlClass() { result = "RegexLiteralExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ReifyPackExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ReifyPackExpr.qll index c2a69f131f7..7caaa8b1498 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ReifyPackExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ReifyPackExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class ReifyPackExprBase extends Synth::TReifyPackExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "ReifyPackExpr" } +module Generated { + class ReifyPackExpr extends Synth::TReifyPackExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "ReifyPackExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll index f3a32aee807..78e13755d6f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ApplyExpr import codeql.swift.elements.expr.Expr -class SelfApplyExprBase extends Synth::TSelfApplyExpr, ApplyExpr { - Expr getImmediateBase() { - result = - Synth::convertExprFromRaw(Synth::convertSelfApplyExprToRaw(this) - .(Raw::SelfApplyExpr) - .getBase()) - } +module Generated { + class SelfApplyExpr extends Synth::TSelfApplyExpr, ApplyExpr { + Expr getImmediateBase() { + result = + Synth::convertExprFromRaw(Synth::convertSelfApplyExprToRaw(this) + .(Raw::SelfApplyExpr) + .getBase()) + } - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = getImmediateBase().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll index ecd6c614fa1..18e0d63158f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll @@ -3,19 +3,21 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class SequenceExprBase extends Synth::TSequenceExpr, Expr { - override string getAPrimaryQlClass() { result = "SequenceExpr" } +module Generated { + class SequenceExpr extends Synth::TSequenceExpr, Expr { + override string getAPrimaryQlClass() { result = "SequenceExpr" } - Expr getImmediateElement(int index) { - result = - Synth::convertExprFromRaw(Synth::convertSequenceExprToRaw(this) - .(Raw::SequenceExpr) - .getElement(index)) + Expr getImmediateElement(int index) { + result = + Synth::convertExprFromRaw(Synth::convertSequenceExprToRaw(this) + .(Raw::SequenceExpr) + .getElement(index)) + } + + final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + + final Expr getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } - - final Expr getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/StringLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/StringLiteralExpr.qll index 9b7e6416234..883108ff6e9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/StringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/StringLiteralExpr.qll @@ -3,10 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.BuiltinLiteralExpr -class StringLiteralExprBase extends Synth::TStringLiteralExpr, BuiltinLiteralExpr { - override string getAPrimaryQlClass() { result = "StringLiteralExpr" } +module Generated { + class StringLiteralExpr extends Synth::TStringLiteralExpr, BuiltinLiteralExpr { + override string getAPrimaryQlClass() { result = "StringLiteralExpr" } - string getValue() { - result = Synth::convertStringLiteralExprToRaw(this).(Raw::StringLiteralExpr).getValue() + string getValue() { + result = Synth::convertStringLiteralExprToRaw(this).(Raw::StringLiteralExpr).getValue() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/StringToPointerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/StringToPointerExpr.qll index e3fb143ae40..1da483a0a6e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/StringToPointerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/StringToPointerExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class StringToPointerExprBase extends Synth::TStringToPointerExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "StringToPointerExpr" } +module Generated { + class StringToPointerExpr extends Synth::TStringToPointerExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "StringToPointerExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll index a7d464e96af..5927aa2dda9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll @@ -4,31 +4,35 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Argument import codeql.swift.elements.expr.LookupExpr -class SubscriptExprBase extends Synth::TSubscriptExpr, LookupExpr { - override string getAPrimaryQlClass() { result = "SubscriptExpr" } +module Generated { + class SubscriptExpr extends Synth::TSubscriptExpr, LookupExpr { + override string getAPrimaryQlClass() { result = "SubscriptExpr" } - Argument getImmediateArgument(int index) { - result = - Synth::convertArgumentFromRaw(Synth::convertSubscriptExprToRaw(this) - .(Raw::SubscriptExpr) - .getArgument(index)) - } + Argument getImmediateArgument(int index) { + result = + Synth::convertArgumentFromRaw(Synth::convertSubscriptExprToRaw(this) + .(Raw::SubscriptExpr) + .getArgument(index)) + } - final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } - final Argument getAnArgument() { result = getArgument(_) } + final Argument getAnArgument() { result = getArgument(_) } - final int getNumberOfArguments() { result = count(getAnArgument()) } + final int getNumberOfArguments() { result = count(getAnArgument()) } - predicate hasDirectToStorageSemantics() { - Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasDirectToStorageSemantics() - } + predicate hasDirectToStorageSemantics() { + Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasDirectToStorageSemantics() + } - predicate hasDirectToImplementationSemantics() { - Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasDirectToImplementationSemantics() - } + predicate hasDirectToImplementationSemantics() { + Synth::convertSubscriptExprToRaw(this) + .(Raw::SubscriptExpr) + .hasDirectToImplementationSemantics() + } - predicate hasOrdinarySemantics() { - Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasOrdinarySemantics() + predicate hasOrdinarySemantics() { + Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasOrdinarySemantics() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll index d4b78843f20..205dccba330 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.decl.VarDecl -class SuperRefExprBase extends Synth::TSuperRefExpr, Expr { - override string getAPrimaryQlClass() { result = "SuperRefExpr" } +module Generated { + class SuperRefExpr extends Synth::TSuperRefExpr, Expr { + override string getAPrimaryQlClass() { result = "SuperRefExpr" } - VarDecl getImmediateSelf() { - result = - Synth::convertVarDeclFromRaw(Synth::convertSuperRefExprToRaw(this) - .(Raw::SuperRefExpr) - .getSelf()) + VarDecl getImmediateSelf() { + result = + Synth::convertVarDeclFromRaw(Synth::convertSuperRefExprToRaw(this) + .(Raw::SuperRefExpr) + .getSelf()) + } + + final VarDecl getSelf() { result = getImmediateSelf().resolve() } } - - final VarDecl getSelf() { result = getImmediateSelf().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll index 9878747e4ae..e0f9f8f8018 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll @@ -5,27 +5,31 @@ import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.expr.Expr import codeql.swift.elements.decl.VarDecl -class TapExprBase extends Synth::TTapExpr, Expr { - override string getAPrimaryQlClass() { result = "TapExpr" } +module Generated { + class TapExpr extends Synth::TTapExpr, Expr { + override string getAPrimaryQlClass() { result = "TapExpr" } - Expr getImmediateSubExpr() { - result = Synth::convertExprFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + + final predicate hasSubExpr() { exists(getSubExpr()) } + + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } + + VarDecl getImmediateVar() { + result = + Synth::convertVarDeclFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getVar()) + } + + final VarDecl getVar() { result = getImmediateVar().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - - final predicate hasSubExpr() { exists(getSubExpr()) } - - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getBody()) - } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } - - VarDecl getImmediateVar() { - result = Synth::convertVarDeclFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getVar()) - } - - final VarDecl getVar() { result = getImmediateVar().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TryExpr.qll index 7b7974a6abd..135dd5b8594 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TryExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.AnyTryExpr -class TryExprBase extends Synth::TTryExpr, AnyTryExpr { - override string getAPrimaryQlClass() { result = "TryExpr" } +module Generated { + class TryExpr extends Synth::TTryExpr, AnyTryExpr { + override string getAPrimaryQlClass() { result = "TryExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll index 4ad0f66e38b..fa4573d6577 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll @@ -3,19 +3,21 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class TupleElementExprBase extends Synth::TTupleElementExpr, Expr { - override string getAPrimaryQlClass() { result = "TupleElementExpr" } +module Generated { + class TupleElementExpr extends Synth::TTupleElementExpr, Expr { + override string getAPrimaryQlClass() { result = "TupleElementExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertTupleElementExprToRaw(this) - .(Raw::TupleElementExpr) - .getSubExpr()) - } + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertTupleElementExprToRaw(this) + .(Raw::TupleElementExpr) + .getSubExpr()) + } - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } - int getIndex() { - result = Synth::convertTupleElementExprToRaw(this).(Raw::TupleElementExpr).getIndex() + int getIndex() { + result = Synth::convertTupleElementExprToRaw(this).(Raw::TupleElementExpr).getIndex() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll index c8622343a87..693edecc005 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll @@ -3,19 +3,21 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class TupleExprBase extends Synth::TTupleExpr, Expr { - override string getAPrimaryQlClass() { result = "TupleExpr" } +module Generated { + class TupleExpr extends Synth::TTupleExpr, Expr { + override string getAPrimaryQlClass() { result = "TupleExpr" } - Expr getImmediateElement(int index) { - result = - Synth::convertExprFromRaw(Synth::convertTupleExprToRaw(this) - .(Raw::TupleExpr) - .getElement(index)) + Expr getImmediateElement(int index) { + result = + Synth::convertExprFromRaw(Synth::convertTupleExprToRaw(this) + .(Raw::TupleExpr) + .getElement(index)) + } + + final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + + final Expr getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } - - final Expr getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll index 0aa45c11276..a443ccd4023 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll @@ -4,15 +4,19 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.type.TypeRepr -class TypeExprBase extends Synth::TTypeExpr, Expr { - override string getAPrimaryQlClass() { result = "TypeExpr" } +module Generated { + class TypeExpr extends Synth::TTypeExpr, Expr { + override string getAPrimaryQlClass() { result = "TypeExpr" } - TypeRepr getImmediateTypeRepr() { - result = - Synth::convertTypeReprFromRaw(Synth::convertTypeExprToRaw(this).(Raw::TypeExpr).getTypeRepr()) + TypeRepr getImmediateTypeRepr() { + result = + Synth::convertTypeReprFromRaw(Synth::convertTypeExprToRaw(this) + .(Raw::TypeExpr) + .getTypeRepr()) + } + + final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } + + final predicate hasTypeRepr() { exists(getTypeRepr()) } } - - final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } - - final predicate hasTypeRepr() { exists(getTypeRepr()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll index 9a5e8ac0a9b..ad85460fe48 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class UnderlyingToOpaqueExprBase extends Synth::TUnderlyingToOpaqueExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "UnderlyingToOpaqueExpr" } +module Generated { + class UnderlyingToOpaqueExpr extends Synth::TUnderlyingToOpaqueExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "UnderlyingToOpaqueExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll index 7ee5d3e7c30..c11dce7dd81 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr -class UnevaluatedInstanceExprBase extends Synth::TUnevaluatedInstanceExpr, ImplicitConversionExpr { - override string getAPrimaryQlClass() { result = "UnevaluatedInstanceExpr" } +module Generated { + class UnevaluatedInstanceExpr extends Synth::TUnevaluatedInstanceExpr, ImplicitConversionExpr { + override string getAPrimaryQlClass() { result = "UnevaluatedInstanceExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll index ab4232dd171..c395197c221 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll @@ -4,12 +4,14 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.UnresolvedElement -class UnresolvedDeclRefExprBase extends Synth::TUnresolvedDeclRefExpr, Expr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedDeclRefExpr" } +module Generated { + class UnresolvedDeclRefExpr extends Synth::TUnresolvedDeclRefExpr, Expr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedDeclRefExpr" } - string getName() { - result = Synth::convertUnresolvedDeclRefExprToRaw(this).(Raw::UnresolvedDeclRefExpr).getName() + string getName() { + result = Synth::convertUnresolvedDeclRefExprToRaw(this).(Raw::UnresolvedDeclRefExpr).getName() + } + + final predicate hasName() { exists(getName()) } } - - final predicate hasName() { exists(getName()) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll index 0af7123b7c2..25466076145 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.UnresolvedElement -class UnresolvedDotExprBase extends Synth::TUnresolvedDotExpr, Expr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedDotExpr" } +module Generated { + class UnresolvedDotExpr extends Synth::TUnresolvedDotExpr, Expr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedDotExpr" } - Expr getImmediateBase() { - result = - Synth::convertExprFromRaw(Synth::convertUnresolvedDotExprToRaw(this) - .(Raw::UnresolvedDotExpr) - .getBase()) - } + Expr getImmediateBase() { + result = + Synth::convertExprFromRaw(Synth::convertUnresolvedDotExprToRaw(this) + .(Raw::UnresolvedDotExpr) + .getBase()) + } - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = getImmediateBase().resolve() } - string getName() { - result = Synth::convertUnresolvedDotExprToRaw(this).(Raw::UnresolvedDotExpr).getName() + string getName() { + result = Synth::convertUnresolvedDotExprToRaw(this).(Raw::UnresolvedDotExpr).getName() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll index 7d76a2a6e00..d35b1436f8a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll @@ -4,7 +4,9 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.IdentityExpr import codeql.swift.elements.UnresolvedElement -class UnresolvedMemberChainResultExprBase extends Synth::TUnresolvedMemberChainResultExpr, - IdentityExpr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedMemberChainResultExpr" } +module Generated { + class UnresolvedMemberChainResultExpr extends Synth::TUnresolvedMemberChainResultExpr, + IdentityExpr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedMemberChainResultExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll index d3fdef7544b..6d3eafcaeef 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll @@ -4,10 +4,12 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.UnresolvedElement -class UnresolvedMemberExprBase extends Synth::TUnresolvedMemberExpr, Expr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedMemberExpr" } +module Generated { + class UnresolvedMemberExpr extends Synth::TUnresolvedMemberExpr, Expr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedMemberExpr" } - string getName() { - result = Synth::convertUnresolvedMemberExprToRaw(this).(Raw::UnresolvedMemberExpr).getName() + string getName() { + result = Synth::convertUnresolvedMemberExprToRaw(this).(Raw::UnresolvedMemberExpr).getName() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll index 92e536c025b..0a1c50dd68e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll @@ -5,15 +5,17 @@ import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern import codeql.swift.elements.UnresolvedElement -class UnresolvedPatternExprBase extends Synth::TUnresolvedPatternExpr, Expr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedPatternExpr" } +module Generated { + class UnresolvedPatternExpr extends Synth::TUnresolvedPatternExpr, Expr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedPatternExpr" } - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertUnresolvedPatternExprToRaw(this) - .(Raw::UnresolvedPatternExpr) - .getSubPattern()) + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertUnresolvedPatternExprToRaw(this) + .(Raw::UnresolvedPatternExpr) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll index 430bdfcb4ab..3dc9d6cb7d6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll @@ -4,6 +4,8 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.UnresolvedElement -class UnresolvedSpecializeExprBase extends Synth::TUnresolvedSpecializeExpr, Expr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedSpecializeExpr" } +module Generated { + class UnresolvedSpecializeExpr extends Synth::TUnresolvedSpecializeExpr, Expr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedSpecializeExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll index 647ae1e72a2..10d3fc7a0d5 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll @@ -4,7 +4,9 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.ImplicitConversionExpr import codeql.swift.elements.UnresolvedElement -class UnresolvedTypeConversionExprBase extends Synth::TUnresolvedTypeConversionExpr, - ImplicitConversionExpr, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedTypeConversionExpr" } +module Generated { + class UnresolvedTypeConversionExpr extends Synth::TUnresolvedTypeConversionExpr, + ImplicitConversionExpr, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedTypeConversionExpr" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll index f63c3c0bef1..405bb00f51c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr -class VarargExpansionExprBase extends Synth::TVarargExpansionExpr, Expr { - override string getAPrimaryQlClass() { result = "VarargExpansionExpr" } +module Generated { + class VarargExpansionExpr extends Synth::TVarargExpansionExpr, Expr { + override string getAPrimaryQlClass() { result = "VarargExpansionExpr" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertVarargExpansionExprToRaw(this) - .(Raw::VarargExpansionExpr) - .getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertVarargExpansionExprToRaw(this) + .(Raw::VarargExpansionExpr) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/AnyPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/AnyPattern.qll index 8575d132d0e..4d22a2ce1b9 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/AnyPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/AnyPattern.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class AnyPatternBase extends Synth::TAnyPattern, Pattern { - override string getAPrimaryQlClass() { result = "AnyPattern" } +module Generated { + class AnyPattern extends Synth::TAnyPattern, Pattern { + override string getAPrimaryQlClass() { result = "AnyPattern" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll index 47f04fe6027..fee7c687ac5 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class BindingPatternBase extends Synth::TBindingPattern, Pattern { - override string getAPrimaryQlClass() { result = "BindingPattern" } +module Generated { + class BindingPattern extends Synth::TBindingPattern, Pattern { + override string getAPrimaryQlClass() { result = "BindingPattern" } - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertBindingPatternToRaw(this) - .(Raw::BindingPattern) - .getSubPattern()) + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertBindingPatternToRaw(this) + .(Raw::BindingPattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/BoolPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/BoolPattern.qll index f4fac7a5600..adca3017c35 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/BoolPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/BoolPattern.qll @@ -3,8 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class BoolPatternBase extends Synth::TBoolPattern, Pattern { - override string getAPrimaryQlClass() { result = "BoolPattern" } +module Generated { + class BoolPattern extends Synth::TBoolPattern, Pattern { + override string getAPrimaryQlClass() { result = "BoolPattern" } - boolean getValue() { result = Synth::convertBoolPatternToRaw(this).(Raw::BoolPattern).getValue() } + boolean getValue() { + result = Synth::convertBoolPatternToRaw(this).(Raw::BoolPattern).getValue() + } + } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll index c4e976e9322..479dcd7ff8b 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll @@ -4,26 +4,28 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.EnumElementDecl import codeql.swift.elements.pattern.Pattern -class EnumElementPatternBase extends Synth::TEnumElementPattern, Pattern { - override string getAPrimaryQlClass() { result = "EnumElementPattern" } +module Generated { + class EnumElementPattern extends Synth::TEnumElementPattern, Pattern { + override string getAPrimaryQlClass() { result = "EnumElementPattern" } - EnumElementDecl getImmediateElement() { - result = - Synth::convertEnumElementDeclFromRaw(Synth::convertEnumElementPatternToRaw(this) - .(Raw::EnumElementPattern) - .getElement()) + EnumElementDecl getImmediateElement() { + result = + Synth::convertEnumElementDeclFromRaw(Synth::convertEnumElementPatternToRaw(this) + .(Raw::EnumElementPattern) + .getElement()) + } + + final EnumElementDecl getElement() { result = getImmediateElement().resolve() } + + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertEnumElementPatternToRaw(this) + .(Raw::EnumElementPattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + + final predicate hasSubPattern() { exists(getSubPattern()) } } - - final EnumElementDecl getElement() { result = getImmediateElement().resolve() } - - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertEnumElementPatternToRaw(this) - .(Raw::EnumElementPattern) - .getSubPattern()) - } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } - - final predicate hasSubPattern() { exists(getSubPattern()) } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll index 4d994e21980..b1b643ba26a 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll @@ -4,13 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern -class ExprPatternBase extends Synth::TExprPattern, Pattern { - override string getAPrimaryQlClass() { result = "ExprPattern" } +module Generated { + class ExprPattern extends Synth::TExprPattern, Pattern { + override string getAPrimaryQlClass() { result = "ExprPattern" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertExprPatternToRaw(this).(Raw::ExprPattern).getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertExprPatternToRaw(this) + .(Raw::ExprPattern) + .getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll index f5381784a75..4dc7a37dcc7 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll @@ -4,28 +4,30 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern import codeql.swift.elements.type.TypeRepr -class IsPatternBase extends Synth::TIsPattern, Pattern { - override string getAPrimaryQlClass() { result = "IsPattern" } +module Generated { + class IsPattern extends Synth::TIsPattern, Pattern { + override string getAPrimaryQlClass() { result = "IsPattern" } - TypeRepr getImmediateCastTypeRepr() { - result = - Synth::convertTypeReprFromRaw(Synth::convertIsPatternToRaw(this) - .(Raw::IsPattern) - .getCastTypeRepr()) + TypeRepr getImmediateCastTypeRepr() { + result = + Synth::convertTypeReprFromRaw(Synth::convertIsPatternToRaw(this) + .(Raw::IsPattern) + .getCastTypeRepr()) + } + + final TypeRepr getCastTypeRepr() { result = getImmediateCastTypeRepr().resolve() } + + final predicate hasCastTypeRepr() { exists(getCastTypeRepr()) } + + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertIsPatternToRaw(this) + .(Raw::IsPattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + + final predicate hasSubPattern() { exists(getSubPattern()) } } - - final TypeRepr getCastTypeRepr() { result = getImmediateCastTypeRepr().resolve() } - - final predicate hasCastTypeRepr() { exists(getCastTypeRepr()) } - - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertIsPatternToRaw(this) - .(Raw::IsPattern) - .getSubPattern()) - } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } - - final predicate hasSubPattern() { exists(getSubPattern()) } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/NamedPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/NamedPattern.qll index 85cdd89f106..159dcbe3088 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/NamedPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/NamedPattern.qll @@ -3,8 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class NamedPatternBase extends Synth::TNamedPattern, Pattern { - override string getAPrimaryQlClass() { result = "NamedPattern" } +module Generated { + class NamedPattern extends Synth::TNamedPattern, Pattern { + override string getAPrimaryQlClass() { result = "NamedPattern" } - string getName() { result = Synth::convertNamedPatternToRaw(this).(Raw::NamedPattern).getName() } + string getName() { + result = Synth::convertNamedPatternToRaw(this).(Raw::NamedPattern).getName() + } + } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll index 9a9bde343a4..e5c9d0c8213 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class OptionalSomePatternBase extends Synth::TOptionalSomePattern, Pattern { - override string getAPrimaryQlClass() { result = "OptionalSomePattern" } +module Generated { + class OptionalSomePattern extends Synth::TOptionalSomePattern, Pattern { + override string getAPrimaryQlClass() { result = "OptionalSomePattern" } - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertOptionalSomePatternToRaw(this) - .(Raw::OptionalSomePattern) - .getSubPattern()) + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertOptionalSomePatternToRaw(this) + .(Raw::OptionalSomePattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll index 08bde0387ae..5ff80bceb80 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class ParenPatternBase extends Synth::TParenPattern, Pattern { - override string getAPrimaryQlClass() { result = "ParenPattern" } +module Generated { + class ParenPattern extends Synth::TParenPattern, Pattern { + override string getAPrimaryQlClass() { result = "ParenPattern" } - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertParenPatternToRaw(this) - .(Raw::ParenPattern) - .getSubPattern()) + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertParenPatternToRaw(this) + .(Raw::ParenPattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll index fbe3af208b9..5c795e45107 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode -class PatternBase extends Synth::TPattern, AstNode { } +module Generated { + class Pattern extends Synth::TPattern, AstNode { } +} diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll index 4a7acc8dbd0..0eb4f55d6af 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll @@ -3,19 +3,21 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern -class TuplePatternBase extends Synth::TTuplePattern, Pattern { - override string getAPrimaryQlClass() { result = "TuplePattern" } +module Generated { + class TuplePattern extends Synth::TTuplePattern, Pattern { + override string getAPrimaryQlClass() { result = "TuplePattern" } - Pattern getImmediateElement(int index) { - result = - Synth::convertPatternFromRaw(Synth::convertTuplePatternToRaw(this) - .(Raw::TuplePattern) - .getElement(index)) + Pattern getImmediateElement(int index) { + result = + Synth::convertPatternFromRaw(Synth::convertTuplePatternToRaw(this) + .(Raw::TuplePattern) + .getElement(index)) + } + + final Pattern getElement(int index) { result = getImmediateElement(index).resolve() } + + final Pattern getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final Pattern getElement(int index) { result = getImmediateElement(index).resolve() } - - final Pattern getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll index 53432b9d2ee..264d13d975a 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll @@ -4,26 +4,28 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.pattern.Pattern import codeql.swift.elements.type.TypeRepr -class TypedPatternBase extends Synth::TTypedPattern, Pattern { - override string getAPrimaryQlClass() { result = "TypedPattern" } +module Generated { + class TypedPattern extends Synth::TTypedPattern, Pattern { + override string getAPrimaryQlClass() { result = "TypedPattern" } - Pattern getImmediateSubPattern() { - result = - Synth::convertPatternFromRaw(Synth::convertTypedPatternToRaw(this) - .(Raw::TypedPattern) - .getSubPattern()) + Pattern getImmediateSubPattern() { + result = + Synth::convertPatternFromRaw(Synth::convertTypedPatternToRaw(this) + .(Raw::TypedPattern) + .getSubPattern()) + } + + final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + + TypeRepr getImmediateTypeRepr() { + result = + Synth::convertTypeReprFromRaw(Synth::convertTypedPatternToRaw(this) + .(Raw::TypedPattern) + .getTypeRepr()) + } + + final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } + + final predicate hasTypeRepr() { exists(getTypeRepr()) } } - - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } - - TypeRepr getImmediateTypeRepr() { - result = - Synth::convertTypeReprFromRaw(Synth::convertTypedPatternToRaw(this) - .(Raw::TypedPattern) - .getTypeRepr()) - } - - final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } - - final predicate hasTypeRepr() { exists(getTypeRepr()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll index ee4cc5b1c46..2dbb97cbd92 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.stmt.Stmt -class BraceStmtBase extends Synth::TBraceStmt, Stmt { - override string getAPrimaryQlClass() { result = "BraceStmt" } +module Generated { + class BraceStmt extends Synth::TBraceStmt, Stmt { + override string getAPrimaryQlClass() { result = "BraceStmt" } - AstNode getImmediateElement(int index) { - result = - Synth::convertAstNodeFromRaw(Synth::convertBraceStmtToRaw(this) - .(Raw::BraceStmt) - .getElement(index)) + AstNode getImmediateElement(int index) { + result = + Synth::convertAstNodeFromRaw(Synth::convertBraceStmtToRaw(this) + .(Raw::BraceStmt) + .getElement(index)) + } + + final AstNode getElement(int index) { result = getImmediateElement(index).resolve() } + + final AstNode getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final AstNode getElement(int index) { result = getImmediateElement(index).resolve() } - - final AstNode getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll index 141ae257e53..798969a55ad 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll @@ -3,21 +3,23 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.Stmt -class BreakStmtBase extends Synth::TBreakStmt, Stmt { - override string getAPrimaryQlClass() { result = "BreakStmt" } +module Generated { + class BreakStmt extends Synth::TBreakStmt, Stmt { + override string getAPrimaryQlClass() { result = "BreakStmt" } - string getTargetName() { - result = Synth::convertBreakStmtToRaw(this).(Raw::BreakStmt).getTargetName() + string getTargetName() { + result = Synth::convertBreakStmtToRaw(this).(Raw::BreakStmt).getTargetName() + } + + final predicate hasTargetName() { exists(getTargetName()) } + + Stmt getImmediateTarget() { + result = + Synth::convertStmtFromRaw(Synth::convertBreakStmtToRaw(this).(Raw::BreakStmt).getTarget()) + } + + final Stmt getTarget() { result = getImmediateTarget().resolve() } + + final predicate hasTarget() { exists(getTarget()) } } - - final predicate hasTargetName() { exists(getTargetName()) } - - Stmt getImmediateTarget() { - result = - Synth::convertStmtFromRaw(Synth::convertBreakStmtToRaw(this).(Raw::BreakStmt).getTarget()) - } - - final Stmt getTarget() { result = getImmediateTarget().resolve() } - - final predicate hasTarget() { exists(getTarget()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll index d2f3108d381..30c45615cae 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll @@ -5,26 +5,28 @@ import codeql.swift.elements.AstNode import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern -class CaseLabelItemBase extends Synth::TCaseLabelItem, AstNode { - override string getAPrimaryQlClass() { result = "CaseLabelItem" } +module Generated { + class CaseLabelItem extends Synth::TCaseLabelItem, AstNode { + override string getAPrimaryQlClass() { result = "CaseLabelItem" } - Pattern getImmediatePattern() { - result = - Synth::convertPatternFromRaw(Synth::convertCaseLabelItemToRaw(this) - .(Raw::CaseLabelItem) - .getPattern()) + Pattern getImmediatePattern() { + result = + Synth::convertPatternFromRaw(Synth::convertCaseLabelItemToRaw(this) + .(Raw::CaseLabelItem) + .getPattern()) + } + + final Pattern getPattern() { result = getImmediatePattern().resolve() } + + Expr getImmediateGuard() { + result = + Synth::convertExprFromRaw(Synth::convertCaseLabelItemToRaw(this) + .(Raw::CaseLabelItem) + .getGuard()) + } + + final Expr getGuard() { result = getImmediateGuard().resolve() } + + final predicate hasGuard() { exists(getGuard()) } } - - final Pattern getPattern() { result = getImmediatePattern().resolve() } - - Expr getImmediateGuard() { - result = - Synth::convertExprFromRaw(Synth::convertCaseLabelItemToRaw(this) - .(Raw::CaseLabelItem) - .getGuard()) - } - - final Expr getGuard() { result = getImmediateGuard().resolve() } - - final predicate hasGuard() { exists(getGuard()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll index f00cc696534..0cf6439f190 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll @@ -5,38 +5,41 @@ import codeql.swift.elements.stmt.CaseLabelItem import codeql.swift.elements.stmt.Stmt import codeql.swift.elements.decl.VarDecl -class CaseStmtBase extends Synth::TCaseStmt, Stmt { - override string getAPrimaryQlClass() { result = "CaseStmt" } +module Generated { + class CaseStmt extends Synth::TCaseStmt, Stmt { + override string getAPrimaryQlClass() { result = "CaseStmt" } - Stmt getImmediateBody() { - result = Synth::convertStmtFromRaw(Synth::convertCaseStmtToRaw(this).(Raw::CaseStmt).getBody()) + Stmt getImmediateBody() { + result = + Synth::convertStmtFromRaw(Synth::convertCaseStmtToRaw(this).(Raw::CaseStmt).getBody()) + } + + final Stmt getBody() { result = getImmediateBody().resolve() } + + CaseLabelItem getImmediateLabel(int index) { + result = + Synth::convertCaseLabelItemFromRaw(Synth::convertCaseStmtToRaw(this) + .(Raw::CaseStmt) + .getLabel(index)) + } + + final CaseLabelItem getLabel(int index) { result = getImmediateLabel(index).resolve() } + + final CaseLabelItem getALabel() { result = getLabel(_) } + + final int getNumberOfLabels() { result = count(getALabel()) } + + VarDecl getImmediateVariable(int index) { + result = + Synth::convertVarDeclFromRaw(Synth::convertCaseStmtToRaw(this) + .(Raw::CaseStmt) + .getVariable(index)) + } + + final VarDecl getVariable(int index) { result = getImmediateVariable(index).resolve() } + + final VarDecl getAVariable() { result = getVariable(_) } + + final int getNumberOfVariables() { result = count(getAVariable()) } } - - final Stmt getBody() { result = getImmediateBody().resolve() } - - CaseLabelItem getImmediateLabel(int index) { - result = - Synth::convertCaseLabelItemFromRaw(Synth::convertCaseStmtToRaw(this) - .(Raw::CaseStmt) - .getLabel(index)) - } - - final CaseLabelItem getLabel(int index) { result = getImmediateLabel(index).resolve() } - - final CaseLabelItem getALabel() { result = getLabel(_) } - - final int getNumberOfLabels() { result = count(getALabel()) } - - VarDecl getImmediateVariable(int index) { - result = - Synth::convertVarDeclFromRaw(Synth::convertCaseStmtToRaw(this) - .(Raw::CaseStmt) - .getVariable(index)) - } - - final VarDecl getVariable(int index) { result = getImmediateVariable(index).resolve() } - - final VarDecl getAVariable() { result = getVariable(_) } - - final int getNumberOfVariables() { result = count(getAVariable()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll index 86971d8ad1a..4ac112e674a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll @@ -5,39 +5,41 @@ import codeql.swift.elements.AstNode import codeql.swift.elements.expr.Expr import codeql.swift.elements.pattern.Pattern -class ConditionElementBase extends Synth::TConditionElement, AstNode { - override string getAPrimaryQlClass() { result = "ConditionElement" } +module Generated { + class ConditionElement extends Synth::TConditionElement, AstNode { + override string getAPrimaryQlClass() { result = "ConditionElement" } - Expr getImmediateBoolean() { - result = - Synth::convertExprFromRaw(Synth::convertConditionElementToRaw(this) - .(Raw::ConditionElement) - .getBoolean()) + Expr getImmediateBoolean() { + result = + Synth::convertExprFromRaw(Synth::convertConditionElementToRaw(this) + .(Raw::ConditionElement) + .getBoolean()) + } + + final Expr getBoolean() { result = getImmediateBoolean().resolve() } + + final predicate hasBoolean() { exists(getBoolean()) } + + Pattern getImmediatePattern() { + result = + Synth::convertPatternFromRaw(Synth::convertConditionElementToRaw(this) + .(Raw::ConditionElement) + .getPattern()) + } + + final Pattern getPattern() { result = getImmediatePattern().resolve() } + + final predicate hasPattern() { exists(getPattern()) } + + Expr getImmediateInitializer() { + result = + Synth::convertExprFromRaw(Synth::convertConditionElementToRaw(this) + .(Raw::ConditionElement) + .getInitializer()) + } + + final Expr getInitializer() { result = getImmediateInitializer().resolve() } + + final predicate hasInitializer() { exists(getInitializer()) } } - - final Expr getBoolean() { result = getImmediateBoolean().resolve() } - - final predicate hasBoolean() { exists(getBoolean()) } - - Pattern getImmediatePattern() { - result = - Synth::convertPatternFromRaw(Synth::convertConditionElementToRaw(this) - .(Raw::ConditionElement) - .getPattern()) - } - - final Pattern getPattern() { result = getImmediatePattern().resolve() } - - final predicate hasPattern() { exists(getPattern()) } - - Expr getImmediateInitializer() { - result = - Synth::convertExprFromRaw(Synth::convertConditionElementToRaw(this) - .(Raw::ConditionElement) - .getInitializer()) - } - - final Expr getInitializer() { result = getImmediateInitializer().resolve() } - - final predicate hasInitializer() { exists(getInitializer()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll index 5140bbd8aac..585f2f0e17c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll @@ -3,23 +3,25 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.Stmt -class ContinueStmtBase extends Synth::TContinueStmt, Stmt { - override string getAPrimaryQlClass() { result = "ContinueStmt" } +module Generated { + class ContinueStmt extends Synth::TContinueStmt, Stmt { + override string getAPrimaryQlClass() { result = "ContinueStmt" } - string getTargetName() { - result = Synth::convertContinueStmtToRaw(this).(Raw::ContinueStmt).getTargetName() + string getTargetName() { + result = Synth::convertContinueStmtToRaw(this).(Raw::ContinueStmt).getTargetName() + } + + final predicate hasTargetName() { exists(getTargetName()) } + + Stmt getImmediateTarget() { + result = + Synth::convertStmtFromRaw(Synth::convertContinueStmtToRaw(this) + .(Raw::ContinueStmt) + .getTarget()) + } + + final Stmt getTarget() { result = getImmediateTarget().resolve() } + + final predicate hasTarget() { exists(getTarget()) } } - - final predicate hasTargetName() { exists(getTargetName()) } - - Stmt getImmediateTarget() { - result = - Synth::convertStmtFromRaw(Synth::convertContinueStmtToRaw(this) - .(Raw::ContinueStmt) - .getTarget()) - } - - final Stmt getTarget() { result = getImmediateTarget().resolve() } - - final predicate hasTarget() { exists(getTarget()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll index 00b31b1c463..f03065b2f82 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.stmt.Stmt -class DeferStmtBase extends Synth::TDeferStmt, Stmt { - override string getAPrimaryQlClass() { result = "DeferStmt" } +module Generated { + class DeferStmt extends Synth::TDeferStmt, Stmt { + override string getAPrimaryQlClass() { result = "DeferStmt" } - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertDeferStmtToRaw(this).(Raw::DeferStmt).getBody()) + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertDeferStmtToRaw(this).(Raw::DeferStmt).getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll index 31aad80dfbc..ad1aa2b3f92 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll @@ -5,26 +5,28 @@ import codeql.swift.elements.stmt.CaseStmt import codeql.swift.elements.stmt.LabeledStmt import codeql.swift.elements.stmt.Stmt -class DoCatchStmtBase extends Synth::TDoCatchStmt, LabeledStmt { - override string getAPrimaryQlClass() { result = "DoCatchStmt" } +module Generated { + class DoCatchStmt extends Synth::TDoCatchStmt, LabeledStmt { + override string getAPrimaryQlClass() { result = "DoCatchStmt" } - Stmt getImmediateBody() { - result = - Synth::convertStmtFromRaw(Synth::convertDoCatchStmtToRaw(this).(Raw::DoCatchStmt).getBody()) + Stmt getImmediateBody() { + result = + Synth::convertStmtFromRaw(Synth::convertDoCatchStmtToRaw(this).(Raw::DoCatchStmt).getBody()) + } + + final Stmt getBody() { result = getImmediateBody().resolve() } + + CaseStmt getImmediateCatch(int index) { + result = + Synth::convertCaseStmtFromRaw(Synth::convertDoCatchStmtToRaw(this) + .(Raw::DoCatchStmt) + .getCatch(index)) + } + + final CaseStmt getCatch(int index) { result = getImmediateCatch(index).resolve() } + + final CaseStmt getACatch() { result = getCatch(_) } + + final int getNumberOfCatches() { result = count(getACatch()) } } - - final Stmt getBody() { result = getImmediateBody().resolve() } - - CaseStmt getImmediateCatch(int index) { - result = - Synth::convertCaseStmtFromRaw(Synth::convertDoCatchStmtToRaw(this) - .(Raw::DoCatchStmt) - .getCatch(index)) - } - - final CaseStmt getCatch(int index) { result = getImmediateCatch(index).resolve() } - - final CaseStmt getACatch() { result = getCatch(_) } - - final int getNumberOfCatches() { result = count(getACatch()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll index f3ea5383d0e..5a3af5b99c8 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll @@ -4,12 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.stmt.LabeledStmt -class DoStmtBase extends Synth::TDoStmt, LabeledStmt { - override string getAPrimaryQlClass() { result = "DoStmt" } +module Generated { + class DoStmt extends Synth::TDoStmt, LabeledStmt { + override string getAPrimaryQlClass() { result = "DoStmt" } - BraceStmt getImmediateBody() { - result = Synth::convertBraceStmtFromRaw(Synth::convertDoStmtToRaw(this).(Raw::DoStmt).getBody()) + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertDoStmtToRaw(this).(Raw::DoStmt).getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/FailStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/FailStmt.qll index 82a74004eba..96b60dbbfe4 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/FailStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/FailStmt.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.Stmt -class FailStmtBase extends Synth::TFailStmt, Stmt { - override string getAPrimaryQlClass() { result = "FailStmt" } +module Generated { + class FailStmt extends Synth::TFailStmt, Stmt { + override string getAPrimaryQlClass() { result = "FailStmt" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll index 1685b5378eb..bbf17772686 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.CaseStmt import codeql.swift.elements.stmt.Stmt -class FallthroughStmtBase extends Synth::TFallthroughStmt, Stmt { - override string getAPrimaryQlClass() { result = "FallthroughStmt" } +module Generated { + class FallthroughStmt extends Synth::TFallthroughStmt, Stmt { + override string getAPrimaryQlClass() { result = "FallthroughStmt" } - CaseStmt getImmediateFallthroughSource() { - result = - Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) - .(Raw::FallthroughStmt) - .getFallthroughSource()) + CaseStmt getImmediateFallthroughSource() { + result = + Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) + .(Raw::FallthroughStmt) + .getFallthroughSource()) + } + + final CaseStmt getFallthroughSource() { result = getImmediateFallthroughSource().resolve() } + + CaseStmt getImmediateFallthroughDest() { + result = + Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) + .(Raw::FallthroughStmt) + .getFallthroughDest()) + } + + final CaseStmt getFallthroughDest() { result = getImmediateFallthroughDest().resolve() } } - - final CaseStmt getFallthroughSource() { result = getImmediateFallthroughSource().resolve() } - - CaseStmt getImmediateFallthroughDest() { - result = - Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) - .(Raw::FallthroughStmt) - .getFallthroughDest()) - } - - final CaseStmt getFallthroughDest() { result = getImmediateFallthroughDest().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll index 786001e36ef..91aa12a982a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll @@ -6,42 +6,44 @@ import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.LabeledStmt import codeql.swift.elements.pattern.Pattern -class ForEachStmtBase extends Synth::TForEachStmt, LabeledStmt { - override string getAPrimaryQlClass() { result = "ForEachStmt" } +module Generated { + class ForEachStmt extends Synth::TForEachStmt, LabeledStmt { + override string getAPrimaryQlClass() { result = "ForEachStmt" } - Pattern getImmediatePattern() { - result = - Synth::convertPatternFromRaw(Synth::convertForEachStmtToRaw(this) - .(Raw::ForEachStmt) - .getPattern()) + Pattern getImmediatePattern() { + result = + Synth::convertPatternFromRaw(Synth::convertForEachStmtToRaw(this) + .(Raw::ForEachStmt) + .getPattern()) + } + + final Pattern getPattern() { result = getImmediatePattern().resolve() } + + Expr getImmediateSequence() { + result = + Synth::convertExprFromRaw(Synth::convertForEachStmtToRaw(this) + .(Raw::ForEachStmt) + .getSequence()) + } + + final Expr getSequence() { result = getImmediateSequence().resolve() } + + Expr getImmediateWhere() { + result = + Synth::convertExprFromRaw(Synth::convertForEachStmtToRaw(this).(Raw::ForEachStmt).getWhere()) + } + + final Expr getWhere() { result = getImmediateWhere().resolve() } + + final predicate hasWhere() { exists(getWhere()) } + + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertForEachStmtToRaw(this) + .(Raw::ForEachStmt) + .getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } } - - final Pattern getPattern() { result = getImmediatePattern().resolve() } - - Expr getImmediateSequence() { - result = - Synth::convertExprFromRaw(Synth::convertForEachStmtToRaw(this) - .(Raw::ForEachStmt) - .getSequence()) - } - - final Expr getSequence() { result = getImmediateSequence().resolve() } - - Expr getImmediateWhere() { - result = - Synth::convertExprFromRaw(Synth::convertForEachStmtToRaw(this).(Raw::ForEachStmt).getWhere()) - } - - final Expr getWhere() { result = getImmediateWhere().resolve() } - - final predicate hasWhere() { exists(getWhere()) } - - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertForEachStmtToRaw(this) - .(Raw::ForEachStmt) - .getBody()) - } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll index 6b4aa5b59ce..8539579a0fc 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.BraceStmt import codeql.swift.elements.stmt.LabeledConditionalStmt -class GuardStmtBase extends Synth::TGuardStmt, LabeledConditionalStmt { - override string getAPrimaryQlClass() { result = "GuardStmt" } +module Generated { + class GuardStmt extends Synth::TGuardStmt, LabeledConditionalStmt { + override string getAPrimaryQlClass() { result = "GuardStmt" } - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertGuardStmtToRaw(this).(Raw::GuardStmt).getBody()) + BraceStmt getImmediateBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertGuardStmtToRaw(this).(Raw::GuardStmt).getBody()) + } + + final BraceStmt getBody() { result = getImmediateBody().resolve() } } - - final BraceStmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll index 2d9bfe9f36c..d60d7ad2eba 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll @@ -4,20 +4,22 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.LabeledConditionalStmt import codeql.swift.elements.stmt.Stmt -class IfStmtBase extends Synth::TIfStmt, LabeledConditionalStmt { - override string getAPrimaryQlClass() { result = "IfStmt" } +module Generated { + class IfStmt extends Synth::TIfStmt, LabeledConditionalStmt { + override string getAPrimaryQlClass() { result = "IfStmt" } - Stmt getImmediateThen() { - result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getThen()) + Stmt getImmediateThen() { + result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getThen()) + } + + final Stmt getThen() { result = getImmediateThen().resolve() } + + Stmt getImmediateElse() { + result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getElse()) + } + + final Stmt getElse() { result = getImmediateElse().resolve() } + + final predicate hasElse() { exists(getElse()) } } - - final Stmt getThen() { result = getImmediateThen().resolve() } - - Stmt getImmediateElse() { - result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getElse()) - } - - final Stmt getElse() { result = getImmediateElse().resolve() } - - final predicate hasElse() { exists(getElse()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll index b3bd485a1ae..143b245c9e5 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.LabeledStmt import codeql.swift.elements.stmt.StmtCondition -class LabeledConditionalStmtBase extends Synth::TLabeledConditionalStmt, LabeledStmt { - StmtCondition getImmediateCondition() { - result = - Synth::convertStmtConditionFromRaw(Synth::convertLabeledConditionalStmtToRaw(this) - .(Raw::LabeledConditionalStmt) - .getCondition()) - } +module Generated { + class LabeledConditionalStmt extends Synth::TLabeledConditionalStmt, LabeledStmt { + StmtCondition getImmediateCondition() { + result = + Synth::convertStmtConditionFromRaw(Synth::convertLabeledConditionalStmtToRaw(this) + .(Raw::LabeledConditionalStmt) + .getCondition()) + } - final StmtCondition getCondition() { result = getImmediateCondition().resolve() } + final StmtCondition getCondition() { result = getImmediateCondition().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll index a7682c95746..93d1ff141a0 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll @@ -3,8 +3,12 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.Stmt -class LabeledStmtBase extends Synth::TLabeledStmt, Stmt { - string getLabel() { result = Synth::convertLabeledStmtToRaw(this).(Raw::LabeledStmt).getLabel() } +module Generated { + class LabeledStmt extends Synth::TLabeledStmt, Stmt { + string getLabel() { + result = Synth::convertLabeledStmtToRaw(this).(Raw::LabeledStmt).getLabel() + } - final predicate hasLabel() { exists(getLabel()) } + final predicate hasLabel() { exists(getLabel()) } + } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll index 538dd77f11a..89703530084 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.Stmt -class PoundAssertStmtBase extends Synth::TPoundAssertStmt, Stmt { - override string getAPrimaryQlClass() { result = "PoundAssertStmt" } +module Generated { + class PoundAssertStmt extends Synth::TPoundAssertStmt, Stmt { + override string getAPrimaryQlClass() { result = "PoundAssertStmt" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll index 3057a986cb2..af955802fb7 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll @@ -5,24 +5,26 @@ import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.LabeledStmt import codeql.swift.elements.stmt.Stmt -class RepeatWhileStmtBase extends Synth::TRepeatWhileStmt, LabeledStmt { - override string getAPrimaryQlClass() { result = "RepeatWhileStmt" } +module Generated { + class RepeatWhileStmt extends Synth::TRepeatWhileStmt, LabeledStmt { + override string getAPrimaryQlClass() { result = "RepeatWhileStmt" } - Expr getImmediateCondition() { - result = - Synth::convertExprFromRaw(Synth::convertRepeatWhileStmtToRaw(this) - .(Raw::RepeatWhileStmt) - .getCondition()) + Expr getImmediateCondition() { + result = + Synth::convertExprFromRaw(Synth::convertRepeatWhileStmtToRaw(this) + .(Raw::RepeatWhileStmt) + .getCondition()) + } + + final Expr getCondition() { result = getImmediateCondition().resolve() } + + Stmt getImmediateBody() { + result = + Synth::convertStmtFromRaw(Synth::convertRepeatWhileStmtToRaw(this) + .(Raw::RepeatWhileStmt) + .getBody()) + } + + final Stmt getBody() { result = getImmediateBody().resolve() } } - - final Expr getCondition() { result = getImmediateCondition().resolve() } - - Stmt getImmediateBody() { - result = - Synth::convertStmtFromRaw(Synth::convertRepeatWhileStmtToRaw(this) - .(Raw::RepeatWhileStmt) - .getBody()) - } - - final Stmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll index 1234eeb7d85..a40775cc6e7 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.Stmt -class ReturnStmtBase extends Synth::TReturnStmt, Stmt { - override string getAPrimaryQlClass() { result = "ReturnStmt" } +module Generated { + class ReturnStmt extends Synth::TReturnStmt, Stmt { + override string getAPrimaryQlClass() { result = "ReturnStmt" } - Expr getImmediateResult() { - result = - Synth::convertExprFromRaw(Synth::convertReturnStmtToRaw(this).(Raw::ReturnStmt).getResult()) + Expr getImmediateResult() { + result = + Synth::convertExprFromRaw(Synth::convertReturnStmtToRaw(this).(Raw::ReturnStmt).getResult()) + } + + final Expr getResult() { result = getImmediateResult().resolve() } + + final predicate hasResult() { exists(getResult()) } } - - final Expr getResult() { result = getImmediateResult().resolve() } - - final predicate hasResult() { exists(getResult()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/Stmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/Stmt.qll index 362cbf60b9c..9311889dfd7 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/Stmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/Stmt.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode -class StmtBase extends Synth::TStmt, AstNode { } +module Generated { + class Stmt extends Synth::TStmt, AstNode { } +} diff --git a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll index b581619551a..6c75f640a11 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll @@ -4,19 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.stmt.ConditionElement -class StmtConditionBase extends Synth::TStmtCondition, AstNode { - override string getAPrimaryQlClass() { result = "StmtCondition" } +module Generated { + class StmtCondition extends Synth::TStmtCondition, AstNode { + override string getAPrimaryQlClass() { result = "StmtCondition" } - ConditionElement getImmediateElement(int index) { - result = - Synth::convertConditionElementFromRaw(Synth::convertStmtConditionToRaw(this) - .(Raw::StmtCondition) - .getElement(index)) + ConditionElement getImmediateElement(int index) { + result = + Synth::convertConditionElementFromRaw(Synth::convertStmtConditionToRaw(this) + .(Raw::StmtCondition) + .getElement(index)) + } + + final ConditionElement getElement(int index) { result = getImmediateElement(index).resolve() } + + final ConditionElement getAnElement() { result = getElement(_) } + + final int getNumberOfElements() { result = count(getAnElement()) } } - - final ConditionElement getElement(int index) { result = getImmediateElement(index).resolve() } - - final ConditionElement getAnElement() { result = getElement(_) } - - final int getNumberOfElements() { result = count(getAnElement()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll index d9e5e524e75..e4461f43472 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll @@ -5,26 +5,28 @@ import codeql.swift.elements.stmt.CaseStmt import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.LabeledStmt -class SwitchStmtBase extends Synth::TSwitchStmt, LabeledStmt { - override string getAPrimaryQlClass() { result = "SwitchStmt" } +module Generated { + class SwitchStmt extends Synth::TSwitchStmt, LabeledStmt { + override string getAPrimaryQlClass() { result = "SwitchStmt" } - Expr getImmediateExpr() { - result = - Synth::convertExprFromRaw(Synth::convertSwitchStmtToRaw(this).(Raw::SwitchStmt).getExpr()) + Expr getImmediateExpr() { + result = + Synth::convertExprFromRaw(Synth::convertSwitchStmtToRaw(this).(Raw::SwitchStmt).getExpr()) + } + + final Expr getExpr() { result = getImmediateExpr().resolve() } + + CaseStmt getImmediateCase(int index) { + result = + Synth::convertCaseStmtFromRaw(Synth::convertSwitchStmtToRaw(this) + .(Raw::SwitchStmt) + .getCase(index)) + } + + final CaseStmt getCase(int index) { result = getImmediateCase(index).resolve() } + + final CaseStmt getACase() { result = getCase(_) } + + final int getNumberOfCases() { result = count(getACase()) } } - - final Expr getExpr() { result = getImmediateExpr().resolve() } - - CaseStmt getImmediateCase(int index) { - result = - Synth::convertCaseStmtFromRaw(Synth::convertSwitchStmtToRaw(this) - .(Raw::SwitchStmt) - .getCase(index)) - } - - final CaseStmt getCase(int index) { result = getImmediateCase(index).resolve() } - - final CaseStmt getACase() { result = getCase(_) } - - final int getNumberOfCases() { result = count(getACase()) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll index d14aa5af5e9..b8360131ac8 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.Stmt -class ThrowStmtBase extends Synth::TThrowStmt, Stmt { - override string getAPrimaryQlClass() { result = "ThrowStmt" } +module Generated { + class ThrowStmt extends Synth::TThrowStmt, Stmt { + override string getAPrimaryQlClass() { result = "ThrowStmt" } - Expr getImmediateSubExpr() { - result = - Synth::convertExprFromRaw(Synth::convertThrowStmtToRaw(this).(Raw::ThrowStmt).getSubExpr()) + Expr getImmediateSubExpr() { + result = + Synth::convertExprFromRaw(Synth::convertThrowStmtToRaw(this).(Raw::ThrowStmt).getSubExpr()) + } + + final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } - - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll index b0e436142ac..d932c98543e 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.stmt.LabeledConditionalStmt import codeql.swift.elements.stmt.Stmt -class WhileStmtBase extends Synth::TWhileStmt, LabeledConditionalStmt { - override string getAPrimaryQlClass() { result = "WhileStmt" } +module Generated { + class WhileStmt extends Synth::TWhileStmt, LabeledConditionalStmt { + override string getAPrimaryQlClass() { result = "WhileStmt" } - Stmt getImmediateBody() { - result = - Synth::convertStmtFromRaw(Synth::convertWhileStmtToRaw(this).(Raw::WhileStmt).getBody()) + Stmt getImmediateBody() { + result = + Synth::convertStmtFromRaw(Synth::convertWhileStmtToRaw(this).(Raw::WhileStmt).getBody()) + } + + final Stmt getBody() { result = getImmediateBody().resolve() } } - - final Stmt getBody() { result = getImmediateBody().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll index c5a6c85dafc..7618e76d911 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll @@ -4,17 +4,21 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.expr.Expr import codeql.swift.elements.stmt.Stmt -class YieldStmtBase extends Synth::TYieldStmt, Stmt { - override string getAPrimaryQlClass() { result = "YieldStmt" } +module Generated { + class YieldStmt extends Synth::TYieldStmt, Stmt { + override string getAPrimaryQlClass() { result = "YieldStmt" } - Expr getImmediateResult(int index) { - result = - Synth::convertExprFromRaw(Synth::convertYieldStmtToRaw(this).(Raw::YieldStmt).getResult(index)) + Expr getImmediateResult(int index) { + result = + Synth::convertExprFromRaw(Synth::convertYieldStmtToRaw(this) + .(Raw::YieldStmt) + .getResult(index)) + } + + final Expr getResult(int index) { result = getImmediateResult(index).resolve() } + + final Expr getAResult() { result = getResult(_) } + + final int getNumberOfResults() { result = count(getAResult()) } } - - final Expr getResult(int index) { result = getImmediateResult(index).resolve() } - - final Expr getAResult() { result = getResult(_) } - - final int getNumberOfResults() { result = count(getAResult()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll index dae6a158fd4..9b915cf8bcf 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class AnyBuiltinIntegerTypeBase extends Synth::TAnyBuiltinIntegerType, BuiltinType { } +module Generated { + class AnyBuiltinIntegerType extends Synth::TAnyBuiltinIntegerType, BuiltinType { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll index 3913bf308de..6e8b66ed247 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll @@ -3,40 +3,44 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class AnyFunctionTypeBase extends Synth::TAnyFunctionType, Type { - Type getImmediateResult() { - result = - Synth::convertTypeFromRaw(Synth::convertAnyFunctionTypeToRaw(this) - .(Raw::AnyFunctionType) - .getResult()) +module Generated { + class AnyFunctionType extends Synth::TAnyFunctionType, Type { + Type getImmediateResult() { + result = + Synth::convertTypeFromRaw(Synth::convertAnyFunctionTypeToRaw(this) + .(Raw::AnyFunctionType) + .getResult()) + } + + final Type getResult() { result = getImmediateResult().resolve() } + + Type getImmediateParamType(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertAnyFunctionTypeToRaw(this) + .(Raw::AnyFunctionType) + .getParamType(index)) + } + + final Type getParamType(int index) { result = getImmediateParamType(index).resolve() } + + final Type getAParamType() { result = getParamType(_) } + + final int getNumberOfParamTypes() { result = count(getAParamType()) } + + string getParamLabel(int index) { + result = Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).getParamLabel(index) + } + + final string getAParamLabel() { result = getParamLabel(_) } + + final int getNumberOfParamLabels() { result = count(getAParamLabel()) } + + predicate isThrowing() { + Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).isThrowing() + } + + predicate isAsync() { + Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).isAsync() + } } - - final Type getResult() { result = getImmediateResult().resolve() } - - Type getImmediateParamType(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertAnyFunctionTypeToRaw(this) - .(Raw::AnyFunctionType) - .getParamType(index)) - } - - final Type getParamType(int index) { result = getImmediateParamType(index).resolve() } - - final Type getAParamType() { result = getParamType(_) } - - final int getNumberOfParamTypes() { result = count(getAParamType()) } - - string getParamLabel(int index) { - result = Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).getParamLabel(index) - } - - final string getAParamLabel() { result = getParamLabel(_) } - - final int getNumberOfParamLabels() { result = count(getAParamLabel()) } - - predicate isThrowing() { - Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).isThrowing() - } - - predicate isAsync() { Synth::convertAnyFunctionTypeToRaw(this).(Raw::AnyFunctionType).isAsync() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll index 543d9f8dfda..daf24de1b98 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.Decl import codeql.swift.elements.type.Type -class AnyGenericTypeBase extends Synth::TAnyGenericType, Type { - Type getImmediateParent() { - result = - Synth::convertTypeFromRaw(Synth::convertAnyGenericTypeToRaw(this) - .(Raw::AnyGenericType) - .getParent()) +module Generated { + class AnyGenericType extends Synth::TAnyGenericType, Type { + Type getImmediateParent() { + result = + Synth::convertTypeFromRaw(Synth::convertAnyGenericTypeToRaw(this) + .(Raw::AnyGenericType) + .getParent()) + } + + final Type getParent() { result = getImmediateParent().resolve() } + + final predicate hasParent() { exists(getParent()) } + + Decl getImmediateDeclaration() { + result = + Synth::convertDeclFromRaw(Synth::convertAnyGenericTypeToRaw(this) + .(Raw::AnyGenericType) + .getDeclaration()) + } + + final Decl getDeclaration() { result = getImmediateDeclaration().resolve() } } - - final Type getParent() { result = getImmediateParent().resolve() } - - final predicate hasParent() { exists(getParent()) } - - Decl getImmediateDeclaration() { - result = - Synth::convertDeclFromRaw(Synth::convertAnyGenericTypeToRaw(this) - .(Raw::AnyGenericType) - .getDeclaration()) - } - - final Decl getDeclaration() { result = getImmediateDeclaration().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyMetatypeType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyMetatypeType.qll index 88733d4abe6..6e060340734 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyMetatypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyMetatypeType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class AnyMetatypeTypeBase extends Synth::TAnyMetatypeType, Type { } +module Generated { + class AnyMetatypeType extends Synth::TAnyMetatypeType, Type { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll index 71189800833..6a539c3bc65 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll @@ -5,37 +5,39 @@ import codeql.swift.elements.decl.ProtocolDecl import codeql.swift.elements.type.SubstitutableType import codeql.swift.elements.type.Type -class ArchetypeTypeBase extends Synth::TArchetypeType, SubstitutableType { - Type getImmediateInterfaceType() { - result = - Synth::convertTypeFromRaw(Synth::convertArchetypeTypeToRaw(this) - .(Raw::ArchetypeType) - .getInterfaceType()) +module Generated { + class ArchetypeType extends Synth::TArchetypeType, SubstitutableType { + Type getImmediateInterfaceType() { + result = + Synth::convertTypeFromRaw(Synth::convertArchetypeTypeToRaw(this) + .(Raw::ArchetypeType) + .getInterfaceType()) + } + + final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } + + Type getImmediateSuperclass() { + result = + Synth::convertTypeFromRaw(Synth::convertArchetypeTypeToRaw(this) + .(Raw::ArchetypeType) + .getSuperclass()) + } + + final Type getSuperclass() { result = getImmediateSuperclass().resolve() } + + final predicate hasSuperclass() { exists(getSuperclass()) } + + ProtocolDecl getImmediateProtocol(int index) { + result = + Synth::convertProtocolDeclFromRaw(Synth::convertArchetypeTypeToRaw(this) + .(Raw::ArchetypeType) + .getProtocol(index)) + } + + final ProtocolDecl getProtocol(int index) { result = getImmediateProtocol(index).resolve() } + + final ProtocolDecl getAProtocol() { result = getProtocol(_) } + + final int getNumberOfProtocols() { result = count(getAProtocol()) } } - - final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } - - Type getImmediateSuperclass() { - result = - Synth::convertTypeFromRaw(Synth::convertArchetypeTypeToRaw(this) - .(Raw::ArchetypeType) - .getSuperclass()) - } - - final Type getSuperclass() { result = getImmediateSuperclass().resolve() } - - final predicate hasSuperclass() { exists(getSuperclass()) } - - ProtocolDecl getImmediateProtocol(int index) { - result = - Synth::convertProtocolDeclFromRaw(Synth::convertArchetypeTypeToRaw(this) - .(Raw::ArchetypeType) - .getProtocol(index)) - } - - final ProtocolDecl getProtocol(int index) { result = getImmediateProtocol(index).resolve() } - - final ProtocolDecl getAProtocol() { result = getProtocol(_) } - - final int getNumberOfProtocols() { result = count(getAProtocol()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ArraySliceType.qll b/swift/ql/lib/codeql/swift/generated/type/ArraySliceType.qll index e02b00efdbc..c27b42c44d5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ArraySliceType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ArraySliceType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.UnarySyntaxSugarType -class ArraySliceTypeBase extends Synth::TArraySliceType, UnarySyntaxSugarType { - override string getAPrimaryQlClass() { result = "ArraySliceType" } +module Generated { + class ArraySliceType extends Synth::TArraySliceType, UnarySyntaxSugarType { + override string getAPrimaryQlClass() { result = "ArraySliceType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericClassType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericClassType.qll index 85a29870b44..c5881cd34e9 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericClassType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericClassType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BoundGenericType -class BoundGenericClassTypeBase extends Synth::TBoundGenericClassType, BoundGenericType { - override string getAPrimaryQlClass() { result = "BoundGenericClassType" } +module Generated { + class BoundGenericClassType extends Synth::TBoundGenericClassType, BoundGenericType { + override string getAPrimaryQlClass() { result = "BoundGenericClassType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericEnumType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericEnumType.qll index 92e2a1a0dc6..581743c8ab5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericEnumType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericEnumType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BoundGenericType -class BoundGenericEnumTypeBase extends Synth::TBoundGenericEnumType, BoundGenericType { - override string getAPrimaryQlClass() { result = "BoundGenericEnumType" } +module Generated { + class BoundGenericEnumType extends Synth::TBoundGenericEnumType, BoundGenericType { + override string getAPrimaryQlClass() { result = "BoundGenericEnumType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericStructType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericStructType.qll index 7b53de883a9..aa64950872f 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericStructType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericStructType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BoundGenericType -class BoundGenericStructTypeBase extends Synth::TBoundGenericStructType, BoundGenericType { - override string getAPrimaryQlClass() { result = "BoundGenericStructType" } +module Generated { + class BoundGenericStructType extends Synth::TBoundGenericStructType, BoundGenericType { + override string getAPrimaryQlClass() { result = "BoundGenericStructType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll index 436df96f904..26295f266b0 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll @@ -4,17 +4,19 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalOrBoundGenericNominalType import codeql.swift.elements.type.Type -class BoundGenericTypeBase extends Synth::TBoundGenericType, NominalOrBoundGenericNominalType { - Type getImmediateArgType(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertBoundGenericTypeToRaw(this) - .(Raw::BoundGenericType) - .getArgType(index)) +module Generated { + class BoundGenericType extends Synth::TBoundGenericType, NominalOrBoundGenericNominalType { + Type getImmediateArgType(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertBoundGenericTypeToRaw(this) + .(Raw::BoundGenericType) + .getArgType(index)) + } + + final Type getArgType(int index) { result = getImmediateArgType(index).resolve() } + + final Type getAnArgType() { result = getArgType(_) } + + final int getNumberOfArgTypes() { result = count(getAnArgType()) } } - - final Type getArgType(int index) { result = getImmediateArgType(index).resolve() } - - final Type getAnArgType() { result = getArgType(_) } - - final int getNumberOfArgTypes() { result = count(getAnArgType()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll index 5e4db29140b..0576b0f5ebb 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinBridgeObjectTypeBase extends Synth::TBuiltinBridgeObjectType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinBridgeObjectType" } +module Generated { + class BuiltinBridgeObjectType extends Synth::TBuiltinBridgeObjectType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinBridgeObjectType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll index 6068dd89a0a..a41c0251318 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinDefaultActorStorageTypeBase extends Synth::TBuiltinDefaultActorStorageType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinDefaultActorStorageType" } +module Generated { + class BuiltinDefaultActorStorageType extends Synth::TBuiltinDefaultActorStorageType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinDefaultActorStorageType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinExecutorType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinExecutorType.qll index cf031b4cf74..c3e86b4b6c5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinExecutorType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinExecutorType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinExecutorTypeBase extends Synth::TBuiltinExecutorType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinExecutorType" } +module Generated { + class BuiltinExecutorType extends Synth::TBuiltinExecutorType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinExecutorType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinFloatType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinFloatType.qll index fa81a40c7f2..c83dea9f06c 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinFloatType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinFloatType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinFloatTypeBase extends Synth::TBuiltinFloatType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinFloatType" } +module Generated { + class BuiltinFloatType extends Synth::TBuiltinFloatType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinFloatType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll index f829cdc56b0..9f47df5eae8 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyBuiltinIntegerType -class BuiltinIntegerLiteralTypeBase extends Synth::TBuiltinIntegerLiteralType, AnyBuiltinIntegerType { - override string getAPrimaryQlClass() { result = "BuiltinIntegerLiteralType" } +module Generated { + class BuiltinIntegerLiteralType extends Synth::TBuiltinIntegerLiteralType, AnyBuiltinIntegerType { + override string getAPrimaryQlClass() { result = "BuiltinIntegerLiteralType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll index b07263f8785..114190a77e2 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll @@ -3,12 +3,14 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyBuiltinIntegerType -class BuiltinIntegerTypeBase extends Synth::TBuiltinIntegerType, AnyBuiltinIntegerType { - override string getAPrimaryQlClass() { result = "BuiltinIntegerType" } +module Generated { + class BuiltinIntegerType extends Synth::TBuiltinIntegerType, AnyBuiltinIntegerType { + override string getAPrimaryQlClass() { result = "BuiltinIntegerType" } - int getWidth() { - result = Synth::convertBuiltinIntegerTypeToRaw(this).(Raw::BuiltinIntegerType).getWidth() + int getWidth() { + result = Synth::convertBuiltinIntegerTypeToRaw(this).(Raw::BuiltinIntegerType).getWidth() + } + + final predicate hasWidth() { exists(getWidth()) } } - - final predicate hasWidth() { exists(getWidth()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinJobType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinJobType.qll index 6be5264a8db..537cf282f9b 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinJobType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinJobType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinJobTypeBase extends Synth::TBuiltinJobType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinJobType" } +module Generated { + class BuiltinJobType extends Synth::TBuiltinJobType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinJobType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll index 5734352686d..25634355543 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinNativeObjectTypeBase extends Synth::TBuiltinNativeObjectType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinNativeObjectType" } +module Generated { + class BuiltinNativeObjectType extends Synth::TBuiltinNativeObjectType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinNativeObjectType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinRawPointerType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinRawPointerType.qll index 95bc6e8fc86..52425067fbf 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinRawPointerType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinRawPointerType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinRawPointerTypeBase extends Synth::TBuiltinRawPointerType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinRawPointerType" } +module Generated { + class BuiltinRawPointerType extends Synth::TBuiltinRawPointerType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinRawPointerType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinRawUnsafeContinuationType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinRawUnsafeContinuationType.qll index 0ea732e1357..40e4cfc7218 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinRawUnsafeContinuationType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinRawUnsafeContinuationType.qll @@ -3,7 +3,9 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinRawUnsafeContinuationTypeBase extends Synth::TBuiltinRawUnsafeContinuationType, - BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinRawUnsafeContinuationType" } +module Generated { + class BuiltinRawUnsafeContinuationType extends Synth::TBuiltinRawUnsafeContinuationType, + BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinRawUnsafeContinuationType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinType.qll index 14cd507fb81..03a9c2b8405 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class BuiltinTypeBase extends Synth::TBuiltinType, Type { } +module Generated { + class BuiltinType extends Synth::TBuiltinType, Type { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll index 36dc39871b6..0399b13e908 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinUnsafeValueBufferTypeBase extends Synth::TBuiltinUnsafeValueBufferType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinUnsafeValueBufferType" } +module Generated { + class BuiltinUnsafeValueBufferType extends Synth::TBuiltinUnsafeValueBufferType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinUnsafeValueBufferType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinVectorType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinVectorType.qll index 2ed8e9283fe..88795dcf78a 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinVectorType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinVectorType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.BuiltinType -class BuiltinVectorTypeBase extends Synth::TBuiltinVectorType, BuiltinType { - override string getAPrimaryQlClass() { result = "BuiltinVectorType" } +module Generated { + class BuiltinVectorType extends Synth::TBuiltinVectorType, BuiltinType { + override string getAPrimaryQlClass() { result = "BuiltinVectorType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ClassType.qll b/swift/ql/lib/codeql/swift/generated/type/ClassType.qll index be682e0f664..b4f70bf1e19 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ClassType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ClassType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalType -class ClassTypeBase extends Synth::TClassType, NominalType { - override string getAPrimaryQlClass() { result = "ClassType" } +module Generated { + class ClassType extends Synth::TClassType, NominalType { + override string getAPrimaryQlClass() { result = "ClassType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll index 0982d253449..5ceabb29ac0 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll @@ -4,26 +4,28 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.AssociatedTypeDecl import codeql.swift.elements.type.Type -class DependentMemberTypeBase extends Synth::TDependentMemberType, Type { - override string getAPrimaryQlClass() { result = "DependentMemberType" } +module Generated { + class DependentMemberType extends Synth::TDependentMemberType, Type { + override string getAPrimaryQlClass() { result = "DependentMemberType" } - Type getImmediateBaseType() { - result = - Synth::convertTypeFromRaw(Synth::convertDependentMemberTypeToRaw(this) - .(Raw::DependentMemberType) - .getBaseType()) - } + Type getImmediateBaseType() { + result = + Synth::convertTypeFromRaw(Synth::convertDependentMemberTypeToRaw(this) + .(Raw::DependentMemberType) + .getBaseType()) + } - final Type getBaseType() { result = getImmediateBaseType().resolve() } + final Type getBaseType() { result = getImmediateBaseType().resolve() } - AssociatedTypeDecl getImmediateAssociatedTypeDecl() { - result = - Synth::convertAssociatedTypeDeclFromRaw(Synth::convertDependentMemberTypeToRaw(this) - .(Raw::DependentMemberType) - .getAssociatedTypeDecl()) - } + AssociatedTypeDecl getImmediateAssociatedTypeDecl() { + result = + Synth::convertAssociatedTypeDeclFromRaw(Synth::convertDependentMemberTypeToRaw(this) + .(Raw::DependentMemberType) + .getAssociatedTypeDecl()) + } - final AssociatedTypeDecl getAssociatedTypeDecl() { - result = getImmediateAssociatedTypeDecl().resolve() + final AssociatedTypeDecl getAssociatedTypeDecl() { + result = getImmediateAssociatedTypeDecl().resolve() + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll index 73183fa0cb2..72072233bb0 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll @@ -4,24 +4,26 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.SyntaxSugarType import codeql.swift.elements.type.Type -class DictionaryTypeBase extends Synth::TDictionaryType, SyntaxSugarType { - override string getAPrimaryQlClass() { result = "DictionaryType" } +module Generated { + class DictionaryType extends Synth::TDictionaryType, SyntaxSugarType { + override string getAPrimaryQlClass() { result = "DictionaryType" } - Type getImmediateKeyType() { - result = - Synth::convertTypeFromRaw(Synth::convertDictionaryTypeToRaw(this) - .(Raw::DictionaryType) - .getKeyType()) + Type getImmediateKeyType() { + result = + Synth::convertTypeFromRaw(Synth::convertDictionaryTypeToRaw(this) + .(Raw::DictionaryType) + .getKeyType()) + } + + final Type getKeyType() { result = getImmediateKeyType().resolve() } + + Type getImmediateValueType() { + result = + Synth::convertTypeFromRaw(Synth::convertDictionaryTypeToRaw(this) + .(Raw::DictionaryType) + .getValueType()) + } + + final Type getValueType() { result = getImmediateValueType().resolve() } } - - final Type getKeyType() { result = getImmediateKeyType().resolve() } - - Type getImmediateValueType() { - result = - Synth::convertTypeFromRaw(Synth::convertDictionaryTypeToRaw(this) - .(Raw::DictionaryType) - .getValueType()) - } - - final Type getValueType() { result = getImmediateValueType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll index 5f325d2ef8b..57c46e5e40f 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class DynamicSelfTypeBase extends Synth::TDynamicSelfType, Type { - override string getAPrimaryQlClass() { result = "DynamicSelfType" } +module Generated { + class DynamicSelfType extends Synth::TDynamicSelfType, Type { + override string getAPrimaryQlClass() { result = "DynamicSelfType" } - Type getImmediateStaticSelfType() { - result = - Synth::convertTypeFromRaw(Synth::convertDynamicSelfTypeToRaw(this) - .(Raw::DynamicSelfType) - .getStaticSelfType()) + Type getImmediateStaticSelfType() { + result = + Synth::convertTypeFromRaw(Synth::convertDynamicSelfTypeToRaw(this) + .(Raw::DynamicSelfType) + .getStaticSelfType()) + } + + final Type getStaticSelfType() { result = getImmediateStaticSelfType().resolve() } } - - final Type getStaticSelfType() { result = getImmediateStaticSelfType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/EnumType.qll b/swift/ql/lib/codeql/swift/generated/type/EnumType.qll index 9f488a6e4d1..b5f2abe5036 100644 --- a/swift/ql/lib/codeql/swift/generated/type/EnumType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/EnumType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalType -class EnumTypeBase extends Synth::TEnumType, NominalType { - override string getAPrimaryQlClass() { result = "EnumType" } +module Generated { + class EnumType extends Synth::TEnumType, NominalType { + override string getAPrimaryQlClass() { result = "EnumType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll b/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll index 1f85f67b392..d347a8dc501 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class ErrorTypeBase extends Synth::TErrorType, Type { - override string getAPrimaryQlClass() { result = "ErrorType" } +module Generated { + class ErrorType extends Synth::TErrorType, Type { + override string getAPrimaryQlClass() { result = "ErrorType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll index eeba8303835..72b85a87830 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyMetatypeType -class ExistentialMetatypeTypeBase extends Synth::TExistentialMetatypeType, AnyMetatypeType { - override string getAPrimaryQlClass() { result = "ExistentialMetatypeType" } +module Generated { + class ExistentialMetatypeType extends Synth::TExistentialMetatypeType, AnyMetatypeType { + override string getAPrimaryQlClass() { result = "ExistentialMetatypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll index 7511dee3dff..674f46e522a 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class ExistentialTypeBase extends Synth::TExistentialType, Type { - override string getAPrimaryQlClass() { result = "ExistentialType" } +module Generated { + class ExistentialType extends Synth::TExistentialType, Type { + override string getAPrimaryQlClass() { result = "ExistentialType" } - Type getImmediateConstraint() { - result = - Synth::convertTypeFromRaw(Synth::convertExistentialTypeToRaw(this) - .(Raw::ExistentialType) - .getConstraint()) + Type getImmediateConstraint() { + result = + Synth::convertTypeFromRaw(Synth::convertExistentialTypeToRaw(this) + .(Raw::ExistentialType) + .getConstraint()) + } + + final Type getConstraint() { result = getImmediateConstraint().resolve() } } - - final Type getConstraint() { result = getImmediateConstraint().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/FunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/FunctionType.qll index e939bf2fca0..dba2459464b 100644 --- a/swift/ql/lib/codeql/swift/generated/type/FunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/FunctionType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyFunctionType -class FunctionTypeBase extends Synth::TFunctionType, AnyFunctionType { - override string getAPrimaryQlClass() { result = "FunctionType" } +module Generated { + class FunctionType extends Synth::TFunctionType, AnyFunctionType { + override string getAPrimaryQlClass() { result = "FunctionType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll index 8a20891df5c..f56c4820ea9 100644 --- a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll @@ -4,21 +4,23 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyFunctionType import codeql.swift.elements.type.GenericTypeParamType -class GenericFunctionTypeBase extends Synth::TGenericFunctionType, AnyFunctionType { - override string getAPrimaryQlClass() { result = "GenericFunctionType" } +module Generated { + class GenericFunctionType extends Synth::TGenericFunctionType, AnyFunctionType { + override string getAPrimaryQlClass() { result = "GenericFunctionType" } - GenericTypeParamType getImmediateGenericParam(int index) { - result = - Synth::convertGenericTypeParamTypeFromRaw(Synth::convertGenericFunctionTypeToRaw(this) - .(Raw::GenericFunctionType) - .getGenericParam(index)) + GenericTypeParamType getImmediateGenericParam(int index) { + result = + Synth::convertGenericTypeParamTypeFromRaw(Synth::convertGenericFunctionTypeToRaw(this) + .(Raw::GenericFunctionType) + .getGenericParam(index)) + } + + final GenericTypeParamType getGenericParam(int index) { + result = getImmediateGenericParam(index).resolve() + } + + final GenericTypeParamType getAGenericParam() { result = getGenericParam(_) } + + final int getNumberOfGenericParams() { result = count(getAGenericParam()) } } - - final GenericTypeParamType getGenericParam(int index) { - result = getImmediateGenericParam(index).resolve() - } - - final GenericTypeParamType getAGenericParam() { result = getGenericParam(_) } - - final int getNumberOfGenericParams() { result = count(getAGenericParam()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/GenericTypeParamType.qll b/swift/ql/lib/codeql/swift/generated/type/GenericTypeParamType.qll index f9572bacc21..2535b4bdcdd 100644 --- a/swift/ql/lib/codeql/swift/generated/type/GenericTypeParamType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/GenericTypeParamType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.SubstitutableType -class GenericTypeParamTypeBase extends Synth::TGenericTypeParamType, SubstitutableType { - override string getAPrimaryQlClass() { result = "GenericTypeParamType" } +module Generated { + class GenericTypeParamType extends Synth::TGenericTypeParamType, SubstitutableType { + override string getAPrimaryQlClass() { result = "GenericTypeParamType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll index 3590d654cb3..b3a383f8019 100644 --- a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll @@ -3,13 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class InOutTypeBase extends Synth::TInOutType, Type { - override string getAPrimaryQlClass() { result = "InOutType" } +module Generated { + class InOutType extends Synth::TInOutType, Type { + override string getAPrimaryQlClass() { result = "InOutType" } - Type getImmediateObjectType() { - result = - Synth::convertTypeFromRaw(Synth::convertInOutTypeToRaw(this).(Raw::InOutType).getObjectType()) + Type getImmediateObjectType() { + result = + Synth::convertTypeFromRaw(Synth::convertInOutTypeToRaw(this) + .(Raw::InOutType) + .getObjectType()) + } + + final Type getObjectType() { result = getImmediateObjectType().resolve() } } - - final Type getObjectType() { result = getImmediateObjectType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll index ae9efae983b..ec689b34ed7 100644 --- a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll @@ -3,15 +3,17 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class LValueTypeBase extends Synth::TLValueType, Type { - override string getAPrimaryQlClass() { result = "LValueType" } +module Generated { + class LValueType extends Synth::TLValueType, Type { + override string getAPrimaryQlClass() { result = "LValueType" } - Type getImmediateObjectType() { - result = - Synth::convertTypeFromRaw(Synth::convertLValueTypeToRaw(this) - .(Raw::LValueType) - .getObjectType()) + Type getImmediateObjectType() { + result = + Synth::convertTypeFromRaw(Synth::convertLValueTypeToRaw(this) + .(Raw::LValueType) + .getObjectType()) + } + + final Type getObjectType() { result = getImmediateObjectType().resolve() } } - - final Type getObjectType() { result = getImmediateObjectType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/MetatypeType.qll b/swift/ql/lib/codeql/swift/generated/type/MetatypeType.qll index 0a3956bf323..917eed048e1 100644 --- a/swift/ql/lib/codeql/swift/generated/type/MetatypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/MetatypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyMetatypeType -class MetatypeTypeBase extends Synth::TMetatypeType, AnyMetatypeType { - override string getAPrimaryQlClass() { result = "MetatypeType" } +module Generated { + class MetatypeType extends Synth::TMetatypeType, AnyMetatypeType { + override string getAPrimaryQlClass() { result = "MetatypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll index 756367ad963..a97b42bdd5c 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.decl.ModuleDecl import codeql.swift.elements.type.Type -class ModuleTypeBase extends Synth::TModuleType, Type { - override string getAPrimaryQlClass() { result = "ModuleType" } +module Generated { + class ModuleType extends Synth::TModuleType, Type { + override string getAPrimaryQlClass() { result = "ModuleType" } - ModuleDecl getImmediateModule() { - result = - Synth::convertModuleDeclFromRaw(Synth::convertModuleTypeToRaw(this) - .(Raw::ModuleType) - .getModule()) + ModuleDecl getImmediateModule() { + result = + Synth::convertModuleDeclFromRaw(Synth::convertModuleTypeToRaw(this) + .(Raw::ModuleType) + .getModule()) + } + + final ModuleDecl getModule() { result = getImmediateModule().resolve() } } - - final ModuleDecl getModule() { result = getImmediateModule().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll b/swift/ql/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll index f17cd5032fe..44cd5d36c62 100644 --- a/swift/ql/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll @@ -3,5 +3,7 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyGenericType -class NominalOrBoundGenericNominalTypeBase extends Synth::TNominalOrBoundGenericNominalType, - AnyGenericType { } +module Generated { + class NominalOrBoundGenericNominalType extends Synth::TNominalOrBoundGenericNominalType, + AnyGenericType { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/NominalType.qll b/swift/ql/lib/codeql/swift/generated/type/NominalType.qll index fb1eca0fc68..db810f18b49 100644 --- a/swift/ql/lib/codeql/swift/generated/type/NominalType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/NominalType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalOrBoundGenericNominalType -class NominalTypeBase extends Synth::TNominalType, NominalOrBoundGenericNominalType { } +module Generated { + class NominalType extends Synth::TNominalType, NominalOrBoundGenericNominalType { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll index 22b8027c479..a2cf236dd87 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ArchetypeType -class OpaqueTypeArchetypeTypeBase extends Synth::TOpaqueTypeArchetypeType, ArchetypeType { - override string getAPrimaryQlClass() { result = "OpaqueTypeArchetypeType" } +module Generated { + class OpaqueTypeArchetypeType extends Synth::TOpaqueTypeArchetypeType, ArchetypeType { + override string getAPrimaryQlClass() { result = "OpaqueTypeArchetypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll index 92bf5e1bf07..ae7ae69e847 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ArchetypeType -class OpenedArchetypeTypeBase extends Synth::TOpenedArchetypeType, ArchetypeType { - override string getAPrimaryQlClass() { result = "OpenedArchetypeType" } +module Generated { + class OpenedArchetypeType extends Synth::TOpenedArchetypeType, ArchetypeType { + override string getAPrimaryQlClass() { result = "OpenedArchetypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/OptionalType.qll b/swift/ql/lib/codeql/swift/generated/type/OptionalType.qll index ffebc89b649..3b87f0ceab5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OptionalType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OptionalType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.UnarySyntaxSugarType -class OptionalTypeBase extends Synth::TOptionalType, UnarySyntaxSugarType { - override string getAPrimaryQlClass() { result = "OptionalType" } +module Generated { + class OptionalType extends Synth::TOptionalType, UnarySyntaxSugarType { + override string getAPrimaryQlClass() { result = "OptionalType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/PackExpansionType.qll b/swift/ql/lib/codeql/swift/generated/type/PackExpansionType.qll index 778aaaa84e5..38a1a18da37 100644 --- a/swift/ql/lib/codeql/swift/generated/type/PackExpansionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/PackExpansionType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class PackExpansionTypeBase extends Synth::TPackExpansionType, Type { - override string getAPrimaryQlClass() { result = "PackExpansionType" } +module Generated { + class PackExpansionType extends Synth::TPackExpansionType, Type { + override string getAPrimaryQlClass() { result = "PackExpansionType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/PackType.qll b/swift/ql/lib/codeql/swift/generated/type/PackType.qll index 6926db6636b..67f619d92ed 100644 --- a/swift/ql/lib/codeql/swift/generated/type/PackType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/PackType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class PackTypeBase extends Synth::TPackType, Type { - override string getAPrimaryQlClass() { result = "PackType" } +module Generated { + class PackType extends Synth::TPackType, Type { + override string getAPrimaryQlClass() { result = "PackType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll index aab59057e05..0a969fd5256 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class ParameterizedProtocolTypeBase extends Synth::TParameterizedProtocolType, Type { - override string getAPrimaryQlClass() { result = "ParameterizedProtocolType" } +module Generated { + class ParameterizedProtocolType extends Synth::TParameterizedProtocolType, Type { + override string getAPrimaryQlClass() { result = "ParameterizedProtocolType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll index 97135bad16c..3532fc6abce 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.SugarType import codeql.swift.elements.type.Type -class ParenTypeBase extends Synth::TParenType, SugarType { - override string getAPrimaryQlClass() { result = "ParenType" } +module Generated { + class ParenType extends Synth::TParenType, SugarType { + override string getAPrimaryQlClass() { result = "ParenType" } - Type getImmediateType() { - result = - Synth::convertTypeFromRaw(Synth::convertParenTypeToRaw(this).(Raw::ParenType).getType()) + Type getImmediateType() { + result = + Synth::convertTypeFromRaw(Synth::convertParenTypeToRaw(this).(Raw::ParenType).getType()) + } + + final Type getType() { result = getImmediateType().resolve() } } - - final Type getType() { result = getImmediateType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/PlaceholderType.qll b/swift/ql/lib/codeql/swift/generated/type/PlaceholderType.qll index ac145a7f2e1..5323a76084e 100644 --- a/swift/ql/lib/codeql/swift/generated/type/PlaceholderType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/PlaceholderType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class PlaceholderTypeBase extends Synth::TPlaceholderType, Type { - override string getAPrimaryQlClass() { result = "PlaceholderType" } +module Generated { + class PlaceholderType extends Synth::TPlaceholderType, Type { + override string getAPrimaryQlClass() { result = "PlaceholderType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll index 997b7fec15d..eaa6f2f4d16 100644 --- a/swift/ql/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ArchetypeType -class PrimaryArchetypeTypeBase extends Synth::TPrimaryArchetypeType, ArchetypeType { - override string getAPrimaryQlClass() { result = "PrimaryArchetypeType" } +module Generated { + class PrimaryArchetypeType extends Synth::TPrimaryArchetypeType, ArchetypeType { + override string getAPrimaryQlClass() { result = "PrimaryArchetypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll index b38339f8c62..93e945b85cd 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll @@ -3,19 +3,21 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class ProtocolCompositionTypeBase extends Synth::TProtocolCompositionType, Type { - override string getAPrimaryQlClass() { result = "ProtocolCompositionType" } +module Generated { + class ProtocolCompositionType extends Synth::TProtocolCompositionType, Type { + override string getAPrimaryQlClass() { result = "ProtocolCompositionType" } - Type getImmediateMember(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertProtocolCompositionTypeToRaw(this) - .(Raw::ProtocolCompositionType) - .getMember(index)) + Type getImmediateMember(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertProtocolCompositionTypeToRaw(this) + .(Raw::ProtocolCompositionType) + .getMember(index)) + } + + final Type getMember(int index) { result = getImmediateMember(index).resolve() } + + final Type getAMember() { result = getMember(_) } + + final int getNumberOfMembers() { result = count(getAMember()) } } - - final Type getMember(int index) { result = getImmediateMember(index).resolve() } - - final Type getAMember() { result = getMember(_) } - - final int getNumberOfMembers() { result = count(getAMember()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ProtocolType.qll b/swift/ql/lib/codeql/swift/generated/type/ProtocolType.qll index c3271ca0492..4de96f6181d 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ProtocolType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ProtocolType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalType -class ProtocolTypeBase extends Synth::TProtocolType, NominalType { - override string getAPrimaryQlClass() { result = "ProtocolType" } +module Generated { + class ProtocolType extends Synth::TProtocolType, NominalType { + override string getAPrimaryQlClass() { result = "ProtocolType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll index 2be6511f9da..54d3c68248c 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll @@ -3,13 +3,15 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class ReferenceStorageTypeBase extends Synth::TReferenceStorageType, Type { - Type getImmediateReferentType() { - result = - Synth::convertTypeFromRaw(Synth::convertReferenceStorageTypeToRaw(this) - .(Raw::ReferenceStorageType) - .getReferentType()) - } +module Generated { + class ReferenceStorageType extends Synth::TReferenceStorageType, Type { + Type getImmediateReferentType() { + result = + Synth::convertTypeFromRaw(Synth::convertReferenceStorageTypeToRaw(this) + .(Raw::ReferenceStorageType) + .getReferentType()) + } - final Type getReferentType() { result = getImmediateReferentType().resolve() } + final Type getReferentType() { result = getImmediateReferentType().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll index 17cd0802fe8..6621b6f53fe 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ArchetypeType -class SequenceArchetypeTypeBase extends Synth::TSequenceArchetypeType, ArchetypeType { - override string getAPrimaryQlClass() { result = "SequenceArchetypeType" } +module Generated { + class SequenceArchetypeType extends Synth::TSequenceArchetypeType, ArchetypeType { + override string getAPrimaryQlClass() { result = "SequenceArchetypeType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SilBlockStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/SilBlockStorageType.qll index 949659eb672..faf1a6da3b4 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SilBlockStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SilBlockStorageType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SilBlockStorageTypeBase extends Synth::TSilBlockStorageType, Type { - override string getAPrimaryQlClass() { result = "SilBlockStorageType" } +module Generated { + class SilBlockStorageType extends Synth::TSilBlockStorageType, Type { + override string getAPrimaryQlClass() { result = "SilBlockStorageType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SilBoxType.qll b/swift/ql/lib/codeql/swift/generated/type/SilBoxType.qll index 2187f49841e..b2547ff56ce 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SilBoxType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SilBoxType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SilBoxTypeBase extends Synth::TSilBoxType, Type { - override string getAPrimaryQlClass() { result = "SilBoxType" } +module Generated { + class SilBoxType extends Synth::TSilBoxType, Type { + override string getAPrimaryQlClass() { result = "SilBoxType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SilFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/SilFunctionType.qll index d92fb07123c..9eb4299d745 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SilFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SilFunctionType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SilFunctionTypeBase extends Synth::TSilFunctionType, Type { - override string getAPrimaryQlClass() { result = "SilFunctionType" } +module Generated { + class SilFunctionType extends Synth::TSilFunctionType, Type { + override string getAPrimaryQlClass() { result = "SilFunctionType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SilTokenType.qll b/swift/ql/lib/codeql/swift/generated/type/SilTokenType.qll index 7ddaaf0bccd..0d55383c4fc 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SilTokenType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SilTokenType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SilTokenTypeBase extends Synth::TSilTokenType, Type { - override string getAPrimaryQlClass() { result = "SilTokenType" } +module Generated { + class SilTokenType extends Synth::TSilTokenType, Type { + override string getAPrimaryQlClass() { result = "SilTokenType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/StructType.qll b/swift/ql/lib/codeql/swift/generated/type/StructType.qll index 5dcddee975f..1008828e4ef 100644 --- a/swift/ql/lib/codeql/swift/generated/type/StructType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/StructType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.NominalType -class StructTypeBase extends Synth::TStructType, NominalType { - override string getAPrimaryQlClass() { result = "StructType" } +module Generated { + class StructType extends Synth::TStructType, NominalType { + override string getAPrimaryQlClass() { result = "StructType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/SubstitutableType.qll b/swift/ql/lib/codeql/swift/generated/type/SubstitutableType.qll index 4c6dc09d571..fa262b7d463 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SubstitutableType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SubstitutableType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SubstitutableTypeBase extends Synth::TSubstitutableType, Type { } +module Generated { + class SubstitutableType extends Synth::TSubstitutableType, Type { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/SugarType.qll b/swift/ql/lib/codeql/swift/generated/type/SugarType.qll index 647c49a5bce..e6d7d8cbc2a 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SugarType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SugarType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class SugarTypeBase extends Synth::TSugarType, Type { } +module Generated { + class SugarType extends Synth::TSugarType, Type { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/SyntaxSugarType.qll b/swift/ql/lib/codeql/swift/generated/type/SyntaxSugarType.qll index eaebf032868..9667fddd608 100644 --- a/swift/ql/lib/codeql/swift/generated/type/SyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/SyntaxSugarType.qll @@ -3,4 +3,6 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.SugarType -class SyntaxSugarTypeBase extends Synth::TSyntaxSugarType, SugarType { } +module Generated { + class SyntaxSugarType extends Synth::TSyntaxSugarType, SugarType { } +} diff --git a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll index e4518680260..ad36a79dee7 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll @@ -3,25 +3,27 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class TupleTypeBase extends Synth::TTupleType, Type { - override string getAPrimaryQlClass() { result = "TupleType" } +module Generated { + class TupleType extends Synth::TTupleType, Type { + override string getAPrimaryQlClass() { result = "TupleType" } - Type getImmediateType(int index) { - result = - Synth::convertTypeFromRaw(Synth::convertTupleTypeToRaw(this).(Raw::TupleType).getType(index)) + Type getImmediateType(int index) { + result = + Synth::convertTypeFromRaw(Synth::convertTupleTypeToRaw(this).(Raw::TupleType).getType(index)) + } + + final Type getType(int index) { result = getImmediateType(index).resolve() } + + final Type getAType() { result = getType(_) } + + final int getNumberOfTypes() { result = count(getAType()) } + + string getName(int index) { + result = Synth::convertTupleTypeToRaw(this).(Raw::TupleType).getName(index) + } + + final string getAName() { result = getName(_) } + + final int getNumberOfNames() { result = count(getAName()) } } - - final Type getType(int index) { result = getImmediateType(index).resolve() } - - final Type getAType() { result = getType(_) } - - final int getNumberOfTypes() { result = count(getAType()) } - - string getName(int index) { - result = Synth::convertTupleTypeToRaw(this).(Raw::TupleType).getName(index) - } - - final string getAName() { result = getName(_) } - - final int getNumberOfNames() { result = count(getAName()) } } diff --git a/swift/ql/lib/codeql/swift/generated/type/Type.qll b/swift/ql/lib/codeql/swift/generated/type/Type.qll index c19e60e0f07..1c081a26154 100644 --- a/swift/ql/lib/codeql/swift/generated/type/Type.qll +++ b/swift/ql/lib/codeql/swift/generated/type/Type.qll @@ -2,14 +2,16 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.Element -import codeql.swift.elements.type.Type -class TypeBase extends Synth::TType, Element { - string getName() { result = Synth::convertTypeToRaw(this).(Raw::Type).getName() } +module Generated { + class Type extends Synth::TType, Element { + string getName() { result = Synth::convertTypeToRaw(this).(Raw::Type).getName() } - Type getImmediateCanonicalType() { - result = Synth::convertTypeFromRaw(Synth::convertTypeToRaw(this).(Raw::Type).getCanonicalType()) + Type getImmediateCanonicalType() { + result = + Synth::convertTypeFromRaw(Synth::convertTypeToRaw(this).(Raw::Type).getCanonicalType()) + } + + final Type getCanonicalType() { result = getImmediateCanonicalType().resolve() } } - - final Type getCanonicalType() { result = getImmediateCanonicalType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll index 0c194b3499b..00ba8011925 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll @@ -4,15 +4,17 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.SugarType import codeql.swift.elements.decl.TypeAliasDecl -class TypeAliasTypeBase extends Synth::TTypeAliasType, SugarType { - override string getAPrimaryQlClass() { result = "TypeAliasType" } +module Generated { + class TypeAliasType extends Synth::TTypeAliasType, SugarType { + override string getAPrimaryQlClass() { result = "TypeAliasType" } - TypeAliasDecl getImmediateDecl() { - result = - Synth::convertTypeAliasDeclFromRaw(Synth::convertTypeAliasTypeToRaw(this) - .(Raw::TypeAliasType) - .getDecl()) + TypeAliasDecl getImmediateDecl() { + result = + Synth::convertTypeAliasDeclFromRaw(Synth::convertTypeAliasTypeToRaw(this) + .(Raw::TypeAliasType) + .getDecl()) + } + + final TypeAliasDecl getDecl() { result = getImmediateDecl().resolve() } } - - final TypeAliasDecl getDecl() { result = getImmediateDecl().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll index 10c7008ceae..23f43f3bc41 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll @@ -4,12 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode import codeql.swift.elements.type.Type -class TypeReprBase extends Synth::TTypeRepr, AstNode { - override string getAPrimaryQlClass() { result = "TypeRepr" } +module Generated { + class TypeRepr extends Synth::TTypeRepr, AstNode { + override string getAPrimaryQlClass() { result = "TypeRepr" } - Type getImmediateType() { - result = Synth::convertTypeFromRaw(Synth::convertTypeReprToRaw(this).(Raw::TypeRepr).getType()) + Type getImmediateType() { + result = + Synth::convertTypeFromRaw(Synth::convertTypeReprToRaw(this).(Raw::TypeRepr).getType()) + } + + final Type getType() { result = getImmediateType().resolve() } } - - final Type getType() { result = getImmediateType().resolve() } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll index 074c69782e0..526e156daaf 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type -class TypeVariableTypeBase extends Synth::TTypeVariableType, Type { - override string getAPrimaryQlClass() { result = "TypeVariableType" } +module Generated { + class TypeVariableType extends Synth::TTypeVariableType, Type { + override string getAPrimaryQlClass() { result = "TypeVariableType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll index bd66d71eb08..c26d2bed6ca 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll @@ -4,13 +4,15 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.SyntaxSugarType import codeql.swift.elements.type.Type -class UnarySyntaxSugarTypeBase extends Synth::TUnarySyntaxSugarType, SyntaxSugarType { - Type getImmediateBaseType() { - result = - Synth::convertTypeFromRaw(Synth::convertUnarySyntaxSugarTypeToRaw(this) - .(Raw::UnarySyntaxSugarType) - .getBaseType()) - } +module Generated { + class UnarySyntaxSugarType extends Synth::TUnarySyntaxSugarType, SyntaxSugarType { + Type getImmediateBaseType() { + result = + Synth::convertTypeFromRaw(Synth::convertUnarySyntaxSugarTypeToRaw(this) + .(Raw::UnarySyntaxSugarType) + .getBaseType()) + } - final Type getBaseType() { result = getImmediateBaseType().resolve() } + final Type getBaseType() { result = getImmediateBaseType().resolve() } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnboundGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/UnboundGenericType.qll index 5782032a796..c269998cc2e 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnboundGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnboundGenericType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.AnyGenericType -class UnboundGenericTypeBase extends Synth::TUnboundGenericType, AnyGenericType { - override string getAPrimaryQlClass() { result = "UnboundGenericType" } +module Generated { + class UnboundGenericType extends Synth::TUnboundGenericType, AnyGenericType { + override string getAPrimaryQlClass() { result = "UnboundGenericType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnmanagedStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/UnmanagedStorageType.qll index 8761a57ae69..7cfab9c3a89 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnmanagedStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnmanagedStorageType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ReferenceStorageType -class UnmanagedStorageTypeBase extends Synth::TUnmanagedStorageType, ReferenceStorageType { - override string getAPrimaryQlClass() { result = "UnmanagedStorageType" } +module Generated { + class UnmanagedStorageType extends Synth::TUnmanagedStorageType, ReferenceStorageType { + override string getAPrimaryQlClass() { result = "UnmanagedStorageType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnownedStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/UnownedStorageType.qll index 8ca213218d2..bb9fdb60381 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnownedStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnownedStorageType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ReferenceStorageType -class UnownedStorageTypeBase extends Synth::TUnownedStorageType, ReferenceStorageType { - override string getAPrimaryQlClass() { result = "UnownedStorageType" } +module Generated { + class UnownedStorageType extends Synth::TUnownedStorageType, ReferenceStorageType { + override string getAPrimaryQlClass() { result = "UnownedStorageType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll b/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll index f89759e7df7..4cad38bace3 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll @@ -4,6 +4,8 @@ private import codeql.swift.generated.Raw import codeql.swift.elements.type.Type import codeql.swift.elements.UnresolvedElement -class UnresolvedTypeBase extends Synth::TUnresolvedType, Type, UnresolvedElement { - override string getAPrimaryQlClass() { result = "UnresolvedType" } +module Generated { + class UnresolvedType extends Synth::TUnresolvedType, Type, UnresolvedElement { + override string getAPrimaryQlClass() { result = "UnresolvedType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/VariadicSequenceType.qll b/swift/ql/lib/codeql/swift/generated/type/VariadicSequenceType.qll index 23318dbd9f3..a4c22d3be93 100644 --- a/swift/ql/lib/codeql/swift/generated/type/VariadicSequenceType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/VariadicSequenceType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.UnarySyntaxSugarType -class VariadicSequenceTypeBase extends Synth::TVariadicSequenceType, UnarySyntaxSugarType { - override string getAPrimaryQlClass() { result = "VariadicSequenceType" } +module Generated { + class VariadicSequenceType extends Synth::TVariadicSequenceType, UnarySyntaxSugarType { + override string getAPrimaryQlClass() { result = "VariadicSequenceType" } + } } diff --git a/swift/ql/lib/codeql/swift/generated/type/WeakStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/WeakStorageType.qll index 2579b745e2e..9ee54ce1e5b 100644 --- a/swift/ql/lib/codeql/swift/generated/type/WeakStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/WeakStorageType.qll @@ -3,6 +3,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.type.ReferenceStorageType -class WeakStorageTypeBase extends Synth::TWeakStorageType, ReferenceStorageType { - override string getAPrimaryQlClass() { result = "WeakStorageType" } +module Generated { + class WeakStorageType extends Synth::TWeakStorageType, ReferenceStorageType { + override string getAPrimaryQlClass() { result = "WeakStorageType" } + } } diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp new file mode 100644 index 00000000000..89f473c74c9 --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp @@ -0,0 +1,31 @@ + + + + +

    Sensitive information that is stored unencrypted in an application preference store, such as the user defaults database or the iCloud-backed ubiquitous key-value store, is accessible to an attacker who gains access to that data store. For example, the information could be accessed by any process or user in a rooted device, by compromised app extensions, or could be exposed through another vulnerability.

    + +     + + +

    Either store the data in an encrypted database, or ensure that each piece of sensitive information is encrypted before being stored. In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext. Avoid storing sensitive information at all if you do not need to keep it.

    + +     + + +

    The following example shows three cases of storing information using UserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted. In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.

    + + + +     + + +
  • + OWASP Top 10:2021: + A02:2021 — Cryptographic Failures. +
    • +
  • +Apple Developer Documentation: UserDefaults, NSUbiquitousKeyValueStore +
    • + +     +     diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql new file mode 100644 index 00000000000..4c0ebb5d9fa --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql @@ -0,0 +1,106 @@ +/** + * @name Cleartext storage of sensitive information in an application preference store + * @description Storing sensitive information in a non-encrypted store can expose it to an attacker. + * @kind path-problem + * @problem.severity warning + * @security-severity 7.5 + * @precision medium + * @id swift/cleartext-storage-preferences + * @tags security + * external/cwe/cwe-312 + */ + +import swift +import codeql.swift.security.SensitiveExprs +import codeql.swift.dataflow.DataFlow +import codeql.swift.dataflow.TaintTracking +import DataFlow::PathGraph + +/** + * A `DataFlow::Node` of something that gets stored in an application preference store. + */ +abstract class Stored extends DataFlow::Node { + abstract string getStoreName(); +} + +/** The `DataFlow::Node` of an expression that gets written to the user defaults database */ +class UserDefaultsStore extends Stored { + UserDefaultsStore() { + exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + c.getName() = "UserDefaults" and + c.getAMember() = f and + f.getName() = "set(_:forKey:)" and + call.getStaticTarget() = f and + call.getArgument(0).getExpr() = this.asExpr() + ) + } + + override string getStoreName() { result = "the user defaults database" } +} + +/** The `DataFlow::Node` of an expression that gets written to the iCloud-backed NSUbiquitousKeyValueStore */ +class NSUbiquitousKeyValueStore extends Stored { + NSUbiquitousKeyValueStore() { + exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + c.getName() = "NSUbiquitousKeyValueStore" and + c.getAMember() = f and + f.getName() = "set(_:forKey:)" and + call.getStaticTarget() = f and + call.getArgument(0).getExpr() = this.asExpr() + ) + } + + override string getStoreName() { result = "iCloud" } +} + +/** + * A more complicated case, this is a macOS-only way of writing to + * NSUserDefaults by modifying the `NSUserDefaultsController.values: Any` + * object via reflection (`perform(Selector)`) or the `NSKeyValueCoding`, + * `NSKeyValueBindingCreation` APIs. (TODO) + */ +class NSUserDefaultsControllerStore extends Stored { + NSUserDefaultsControllerStore() { none() } + + override string getStoreName() { result = "the user defaults database" } +} + +/** + * A taint configuration from sensitive information to expressions that are + * stored as preferences. + */ +class CleartextStorageConfig extends TaintTracking::Configuration { + CleartextStorageConfig() { this = "CleartextStorageConfig" } + + override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr } + + override predicate isSink(DataFlow::Node node) { node instanceof Stored } + + override predicate isSanitizerIn(DataFlow::Node node) { + // make sources barriers so that we only report the closest instance + this.isSource(node) + } + + override predicate isSanitizer(DataFlow::Node node) { + // encryption barrier + node.asExpr() instanceof EncryptedExpr + } +} + +/** + * Gets a prettier node to use in the results. + */ +DataFlow::Node cleanupNode(DataFlow::Node n) { + result = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and + result = n +} + +from CleartextStorageConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode +where config.hasFlowPath(sourceNode, sinkNode) +select cleanupNode(sinkNode.getNode()), sourceNode, sinkNode, + "This operation stores '" + sinkNode.getNode().toString() + "' in " + + sinkNode.getNode().(Stored).getStoreName() + + ". It may contain unencrypted sensitive data from $@.", sourceNode, + sourceNode.getNode().toString() diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.swift b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.swift new file mode 100644 index 00000000000..98df511802b --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.swift @@ -0,0 +1,15 @@ + +func storeMyData(faveSong : String, creditCardNo : String) { + // ... + + // GOOD: not sensitive information + UserDefaults.standard.set(faveSong, forKey: "myFaveSong") + + // BAD: sensitive information saved in cleartext + UserDefaults.standard.set(creditCardNo, forKey: "myCreditCardNo") + + // GOOD: encrypted sensitive information saved + UserDefaults.standard.set(encrypt(creditCardNo), forKey: "myCreditCardNo") + + // ... +} diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.qhelp b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.qhelp new file mode 100644 index 00000000000..eb91742f7f9 --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.qhelp @@ -0,0 +1,17 @@ + + + +

    Hardcoded keys should not be used for creating encryption ciphers. Data encrypted using hardcoded keys are more vulnerable to the possibility of recovering them.

    +     + + +

    Use randomly generated key material to initialize the encryption cipher.

    +     + + +

    The following example shows a few cases of instantiating a cipher with various encryption keys. In the 'BAD' cases, the key material is hardcoded, making the encrypted data vulnerable to recovery. In the 'GOOD' cases, the key material is randomly generated and not hardcoded, which protects the encrypted data against recovery.

    + +     +     diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql new file mode 100644 index 00000000000..ef195d8e3ac --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql @@ -0,0 +1,68 @@ +/** + * @name Hard-coded encryption key + * @description Using hardcoded keys for encryption is not secure, because potential attackers can easily guess them. + * @kind path-problem + * @problem.severity error + * @security-severity 8.1 + * @precision high + * @id swift/hardcoded-key + * @tags security + * external/cwe/cwe-321 + */ + +import swift +import codeql.swift.dataflow.DataFlow +import DataFlow::PathGraph + +/** + * An `Expr` that is used to initialize a key. + */ +abstract class KeySource extends Expr { } + +/** + * A literal byte array is a key source. + */ +class ByteArrayLiteralSource extends KeySource { + ByteArrayLiteralSource() { this = any(ArrayExpr arr | arr.getType().getName() = "Array") } +} + +/** + * A string literal is a key source. + */ +class StringLiteralSource extends KeySource instanceof StringLiteralExpr { } + +/** + * A class for all ways to set a key. + */ +class EncryptionKeySink extends Expr { + EncryptionKeySink() { + // `key` arg in `init` is a sink + exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + c.getName() = ["AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"] and + c.getAMember() = f and + f.getName().matches("init(key:%") and + call.getStaticTarget() = f and + call.getArgument(0).getExpr() = this + ) + } +} + +/** + * A dataflow configuration from the key source to expressions that use + * it to initialize a cipher. + */ +class HardcodedKeyConfig extends DataFlow::Configuration { + HardcodedKeyConfig() { this = "HardcodedKeyConfig" } + + override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof KeySource } + + override predicate isSink(DataFlow::Node node) { node.asExpr() instanceof EncryptionKeySink } +} + +// The query itself +from HardcodedKeyConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode +where config.hasFlowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, + "The key '" + sinkNode.getNode().toString() + + "' has been initialized with hard-coded values from $@.", sourceNode, + sourceNode.getNode().toString() diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift new file mode 100644 index 00000000000..82ffaf3a94a --- /dev/null +++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift @@ -0,0 +1,25 @@ + +func encrypt(padding : Padding) { + // ... + + // BAD: Using hardcoded keys for encryption + let key: Array = [0x2a, 0x3a, 0x80, 0x05] + let keyString = "this is a constant string" + let ivString = getRandomIV() + _ = try AES(key: key, blockMode: CBC(), padding: padding) + _ = try AES(key: keyString, iv: ivString) + _ = try Blowfish(key: key, blockMode: CBC(), padding: padding) + _ = try Blowfish(key: keyString, iv: ivString) + + + // GOOD: Using randomly generated keys for encryption + let key = (0..<10).map({ _ in UInt8.random(in: 0...UInt8.max) }) + let keyString = String(cString: key) + let ivString = getRandomIV() + _ = try AES(key: key, blockMode: CBC(), padding: padding) + _ = try AES(key: keyString, iv: ivString) + _ = try Blowfish(key: key, blockMode: CBC(), padding: padding) + _ = try Blowfish(key: keyString, iv: ivString) + + // ... +} diff --git a/swift/ql/test/extractor-tests/generated/File/File.expected b/swift/ql/test/extractor-tests/generated/File/File.expected index 73437ea7a92..fa9ef19db64 100644 --- a/swift/ql/test/extractor-tests/generated/File/File.expected +++ b/swift/ql/test/extractor-tests/generated/File/File.expected @@ -1,3 +1,3 @@ -| empty.swift:0:0:0:0 | empty.swift | getName: | empty.swift | -| file://:0:0:0:0 | | getName: | | -| non_empty.swift:0:0:0:0 | non_empty.swift | getName: | non_empty.swift | +| empty.swift:0:0:0:0 | empty.swift | DbFile | getName: | empty.swift | +| file://:0:0:0:0 | | UnknownFile | getName: | | +| non_empty.swift:0:0:0:0 | non_empty.swift | DbFile | getName: | non_empty.swift | diff --git a/swift/ql/test/extractor-tests/generated/File/File.ql b/swift/ql/test/extractor-tests/generated/File/File.ql index 158dca707f5..17a8e7552a6 100644 --- a/swift/ql/test/extractor-tests/generated/File/File.ql +++ b/swift/ql/test/extractor-tests/generated/File/File.ql @@ -7,4 +7,4 @@ where toBeTested(x) and not x.isUnknown() and getName = x.getName() -select x, "getName:", getName +select x, x.getPrimaryQlClasses(), "getName:", getName diff --git a/swift/ql/test/extractor-tests/generated/expr/AnyHashableErasureExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/AnyHashableErasureExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/AnyHashableErasureExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ArchetypeToSuperExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ArchetypeToSuperExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ArchetypeToSuperExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ArrayToPointerExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ArrayToPointerExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ArrayToPointerExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ClassMetatypeToObjectExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ClassMetatypeToObjectExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ClassMetatypeToObjectExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/CollectionUpcastConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/CollectionUpcastConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/CollectionUpcastConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/CovariantFunctionConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/CovariantFunctionConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/CovariantFunctionConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/CovariantReturnConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/CovariantReturnConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/CovariantReturnConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/DerivedToBaseExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/DerivedToBaseExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/DerivedToBaseExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/DestructureTupleExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/DestructureTupleExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/DestructureTupleExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExtractOriginalExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExtractOriginalExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/DifferentiableFunctionExtractOriginalExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ErasureExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ErasureExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ErasureExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ExistentialMetatypeToObjectExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ExistentialMetatypeToObjectExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ExistentialMetatypeToObjectExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ForeignObjectConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ForeignObjectConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ForeignObjectConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/FunctionConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/FunctionConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/FunctionConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected new file mode 100644 index 00000000000..2fb20ad740c --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected @@ -0,0 +1,3 @@ +| implicit_conversions.swift:2:3:2:3 | (UnsafePointer) ... | StringToPointerExpr | getSubExpr: | implicit_conversions.swift:2:3:2:3 | Hello | +| implicit_conversions.swift:4:16:4:16 | (Int?) ... | InjectIntoOptionalExpr | getSubExpr: | implicit_conversions.swift:4:16:4:16 | 42 | +| implicit_conversions.swift:5:25:5:25 | (Equatable) ... | ErasureExpr | getSubExpr: | implicit_conversions.swift:5:25:5:25 | 42 | diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql new file mode 100644 index 00000000000..61fbedd343a --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql @@ -0,0 +1,10 @@ +// generated by codegen/codegen.py +import codeql.swift.elements +import TestUtils + +from ImplicitConversionExpr x, Expr getSubExpr +where + toBeTested(x) and + not x.isUnknown() and + getSubExpr = x.getSubExpr() +select x, x.getPrimaryQlClasses(), "getSubExpr:", getSubExpr diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected new file mode 100644 index 00000000000..470228364ae --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected @@ -0,0 +1,3 @@ +| implicit_conversions.swift:2:3:2:3 | (UnsafePointer) ... | UnsafePointer | +| implicit_conversions.swift:4:16:4:16 | (Int?) ... | Int? | +| implicit_conversions.swift:5:25:5:25 | (Equatable) ... | Equatable | diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.ql b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.ql new file mode 100644 index 00000000000..257ffe67d3d --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.ql @@ -0,0 +1,7 @@ +// generated by codegen/codegen.py +import codeql.swift.elements +import TestUtils + +from ImplicitConversionExpr x +where toBeTested(x) and not x.isUnknown() +select x, x.getType() diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift new file mode 100644 index 00000000000..62a5197d420 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift @@ -0,0 +1,5 @@ +func f(_: UnsafePointer) {} +f("Hello") // StringToPointerExpr + +let a : Int? = 42 // InjectIntoOptionalExpr +let b : any Equatable = 42 // ErasureExpr diff --git a/swift/ql/test/extractor-tests/generated/expr/InOutToPointerExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/InOutToPointerExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/InOutToPointerExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/InjectIntoOptionalExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/InjectIntoOptionalExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/InjectIntoOptionalExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExtractOriginalExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExtractOriginalExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/LinearFunctionExtractOriginalExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/LinearToDifferentiableFunctionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/LinearToDifferentiableFunctionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/LinearToDifferentiableFunctionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/LoadExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/LoadExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/LoadExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/MetatypeConversionExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/MetatypeConversionExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/MetatypeConversionExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/PointerToPointerExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/PointerToPointerExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/PointerToPointerExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ProtocolMetatypeToObjectExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ProtocolMetatypeToObjectExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ProtocolMetatypeToObjectExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/ReifyPackExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/ReifyPackExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/ReifyPackExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/StringToPointerExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/StringToPointerExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/StringToPointerExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/UnderlyingToOpaqueExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/UnderlyingToOpaqueExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/UnderlyingToOpaqueExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/UnevaluatedInstanceExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/UnevaluatedInstanceExpr/MISSING_SOURCE.txt deleted file mode 100644 index 0d319d9a669..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/UnevaluatedInstanceExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a swift source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected b/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected index ba77afccac6..5d5639084c3 100644 --- a/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected +++ b/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.expected @@ -1,9 +1,9 @@ -| Builtin.BridgeObject | getName: | Builtin.BridgeObject | getCanonicalType: | Builtin.BridgeObject | -| Builtin.Executor | getName: | Builtin.Executor | getCanonicalType: | Builtin.Executor | -| Builtin.FPIEEE32 | getName: | Builtin.FPIEEE32 | getCanonicalType: | Builtin.FPIEEE32 | -| Builtin.FPIEEE64 | getName: | Builtin.FPIEEE64 | getCanonicalType: | Builtin.FPIEEE64 | -| Builtin.IntLiteral | getName: | Builtin.IntLiteral | getCanonicalType: | Builtin.IntLiteral | -| Builtin.Job | getName: | Builtin.Job | getCanonicalType: | Builtin.Job | -| Builtin.NativeObject | getName: | Builtin.NativeObject | getCanonicalType: | Builtin.NativeObject | -| Builtin.RawPointer | getName: | Builtin.RawPointer | getCanonicalType: | Builtin.RawPointer | -| Builtin.RawUnsafeContinuation | getName: | Builtin.RawUnsafeContinuation | getCanonicalType: | Builtin.RawUnsafeContinuation | +| Builtin.BridgeObject | BuiltinBridgeObjectType | getName: | Builtin.BridgeObject | getCanonicalType: | Builtin.BridgeObject | +| Builtin.Executor | BuiltinExecutorType | getName: | Builtin.Executor | getCanonicalType: | Builtin.Executor | +| Builtin.FPIEEE32 | BuiltinFloatType | getName: | Builtin.FPIEEE32 | getCanonicalType: | Builtin.FPIEEE32 | +| Builtin.FPIEEE64 | BuiltinFloatType | getName: | Builtin.FPIEEE64 | getCanonicalType: | Builtin.FPIEEE64 | +| Builtin.IntLiteral | BuiltinIntegerLiteralType | getName: | Builtin.IntLiteral | getCanonicalType: | Builtin.IntLiteral | +| Builtin.Job | BuiltinJobType | getName: | Builtin.Job | getCanonicalType: | Builtin.Job | +| Builtin.NativeObject | BuiltinNativeObjectType | getName: | Builtin.NativeObject | getCanonicalType: | Builtin.NativeObject | +| Builtin.RawPointer | BuiltinRawPointerType | getName: | Builtin.RawPointer | getCanonicalType: | Builtin.RawPointer | +| Builtin.RawUnsafeContinuation | BuiltinRawUnsafeContinuationType | getName: | Builtin.RawUnsafeContinuation | getCanonicalType: | Builtin.RawUnsafeContinuation | diff --git a/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.ql b/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.ql index d6b019a4a6d..8501ae9f9ce 100644 --- a/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.ql +++ b/swift/ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.ql @@ -8,4 +8,4 @@ where not x.isUnknown() and getName = x.getName() and getCanonicalType = x.getCanonicalType() -select x, "getName:", getName, "getCanonicalType:", getCanonicalType +select x, x.getPrimaryQlClasses(), "getName:", getName, "getCanonicalType:", getCanonicalType diff --git a/swift/ql/test/library-tests/controlflow/graph/Cfg.ql b/swift/ql/test/library-tests/controlflow/graph/Cfg.ql index 4922359ca90..09fc28999a6 100644 --- a/swift/ql/test/library-tests/controlflow/graph/Cfg.ql +++ b/swift/ql/test/library-tests/controlflow/graph/Cfg.ql @@ -11,7 +11,7 @@ class MyRelevantNode extends RelevantNode { private AstNode asAstNode() { result = this.getNode().asAstNode() } - override string getOrderDisambuigation() { + override string getOrderDisambiguation() { result = this.asAstNode().getPrimaryQlClasses() or not exists(this.asAstNode()) and result = "" diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected index 615c8b80776..d6c2f338008 100644 --- a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected +++ b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected @@ -1,3 +1,6 @@ +| customurlschemes.swift:17:44:17:54 | url | external | +| customurlschemes.swift:20:52:20:68 | url | external | +| customurlschemes.swift:23:52:23:62 | url | external | | string.swift:27:21:27:21 | call to init(contentsOf:) | external | | string.swift:27:21:27:44 | call to init(contentsOf:) | external | | url.swift:53:15:53:19 | .resourceBytes | external | diff --git a/swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift b/swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift new file mode 100644 index 00000000000..210a5977d49 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift @@ -0,0 +1,26 @@ +// --- stubs --- +class UIApplication { + struct OpenURLOptionsKey {} +} + +struct URL {} + +protocol UIApplicationDelegate { + optional func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any]) -> Bool + optional func application(_ application: UIApplication, handleOpen url: URL) -> Bool + optional func application(_ application: UIApplication, open url: URL, sourceApplication: String?, annotation: Any) -> Bool +} + +// --- tests --- + +class AppDelegate: UIApplicationDelegate { + func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any]) -> Bool { // SOURCE + } + + func application(_ application: UIApplication, handleOpen url: URL) -> Bool { // SOURCE + } + + func application(_ application: UIApplication, open url: URL, sourceApplication: String?, annotation: Any) -> Bool { // SOURCE + } + +} \ No newline at end of file diff --git a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected index 504e4ca636b..ca70b1216bf 100644 --- a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected +++ b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected @@ -123,3 +123,41 @@ | string.swift:39:13:39:19 | ... .+(_:_:) ... | string.swift:39:13:39:29 | ... .+(_:_:) ... | | string.swift:39:19:39:19 | tainted | string.swift:39:13:39:19 | ... .+(_:_:) ... | | string.swift:39:29:39:29 | < | string.swift:39:13:39:29 | ... .+(_:_:) ... | +| subscript.swift:13:10:13:17 | call to source() | subscript.swift:13:10:13:20 | ...[...] | +| subscript.swift:14:10:14:18 | call to source2() | subscript.swift:14:10:14:21 | ...[...] | +| url.swift:64:12:64:12 | urlTainted | url.swift:64:12:64:23 | .absoluteURL | +| url.swift:65:12:65:12 | urlTainted | url.swift:65:12:65:23 | .baseURL | +| url.swift:66:15:66:15 | urlTainted | url.swift:66:15:66:26 | .fragment | +| url.swift:67:15:67:15 | urlTainted | url.swift:67:15:67:26 | .host | +| url.swift:68:15:68:15 | urlTainted | url.swift:68:15:68:26 | .lastPathComponent | +| url.swift:69:15:69:15 | urlTainted | url.swift:69:15:69:26 | .path | +| url.swift:70:15:70:15 | urlTainted | url.swift:70:15:70:26 | .pathComponents | +| url.swift:70:15:70:26 | .pathComponents | url.swift:70:15:70:42 | ...[...] | +| url.swift:71:15:71:15 | urlTainted | url.swift:71:15:71:26 | .pathExtension | +| url.swift:72:12:72:12 | urlTainted | url.swift:72:12:72:23 | .port | +| url.swift:73:15:73:15 | urlTainted | url.swift:73:15:73:26 | .query | +| url.swift:74:15:74:15 | urlTainted | url.swift:74:15:74:26 | .relativePath | +| url.swift:75:15:75:15 | urlTainted | url.swift:75:15:75:26 | .relativeString | +| url.swift:76:15:76:15 | urlTainted | url.swift:76:15:76:26 | .scheme | +| url.swift:77:12:77:12 | urlTainted | url.swift:77:12:77:23 | .standardized | +| url.swift:78:12:78:12 | urlTainted | url.swift:78:12:78:23 | .standardizedFileURL | +| url.swift:79:15:79:15 | urlTainted | url.swift:79:15:79:26 | .user | +| url.swift:80:15:80:15 | urlTainted | url.swift:80:15:80:26 | .password | +| url.swift:86:12:86:54 | ...! | url.swift:86:12:86:56 | .absoluteURL | +| url.swift:87:12:87:54 | ...! | url.swift:87:12:87:56 | .baseURL | +| url.swift:88:15:88:57 | ...! | url.swift:88:15:88:59 | .fragment | +| url.swift:89:15:89:57 | ...! | url.swift:89:15:89:59 | .host | +| url.swift:90:15:90:57 | ...! | url.swift:90:15:90:59 | .lastPathComponent | +| url.swift:91:15:91:57 | ...! | url.swift:91:15:91:59 | .path | +| url.swift:92:15:92:57 | ...! | url.swift:92:15:92:59 | .pathComponents | +| url.swift:92:15:92:59 | .pathComponents | url.swift:92:15:92:75 | ...[...] | +| url.swift:93:15:93:57 | ...! | url.swift:93:15:93:59 | .pathExtension | +| url.swift:94:12:94:54 | ...! | url.swift:94:12:94:56 | .port | +| url.swift:95:15:95:57 | ...! | url.swift:95:15:95:59 | .query | +| url.swift:96:15:96:57 | ...! | url.swift:96:15:96:59 | .relativePath | +| url.swift:97:15:97:57 | ...! | url.swift:97:15:97:59 | .relativeString | +| url.swift:98:15:98:57 | ...! | url.swift:98:15:98:59 | .scheme | +| url.swift:99:12:99:54 | ...! | url.swift:99:12:99:56 | .standardized | +| url.swift:100:12:100:54 | ...! | url.swift:100:12:100:56 | .standardizedFileURL | +| url.swift:101:15:101:57 | ...! | url.swift:101:15:101:59 | .user | +| url.swift:102:15:102:57 | ...! | url.swift:102:15:102:59 | .password | diff --git a/swift/ql/test/library-tests/dataflow/taint/Taint.expected b/swift/ql/test/library-tests/dataflow/taint/Taint.expected index 5670d7ddd70..b0d5643f705 100644 --- a/swift/ql/test/library-tests/dataflow/taint/Taint.expected +++ b/swift/ql/test/library-tests/dataflow/taint/Taint.expected @@ -1,5 +1,5 @@ edges -| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | url.swift:67:61:67:61 | data : | +| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | url.swift:120:61:120:61 | data : | | string.swift:5:11:5:18 | call to source() : | string.swift:7:13:7:13 | "..." | | string.swift:5:11:5:18 | call to source() : | string.swift:9:13:9:13 | "..." | | string.swift:5:11:5:18 | call to source() : | string.swift:11:13:11:13 | "..." | @@ -10,6 +10,8 @@ edges | string.swift:28:17:28:25 | call to source2() : | string.swift:35:13:35:23 | ... .+(_:_:) ... | | string.swift:28:17:28:25 | call to source2() : | string.swift:36:13:36:23 | ... .+(_:_:) ... | | string.swift:28:17:28:25 | call to source2() : | string.swift:39:13:39:29 | ... .+(_:_:) ... | +| subscript.swift:13:10:13:17 | call to source() : | subscript.swift:13:10:13:20 | ...[...] | +| subscript.swift:14:10:14:18 | call to source2() : | subscript.swift:14:10:14:21 | ...[...] | | try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... | | try.swift:15:17:15:24 | call to source() : | try.swift:15:12:15:24 | try! ... | | try.swift:18:18:18:25 | call to source() : | try.swift:18:12:18:27 | ...! | @@ -19,32 +21,129 @@ edges | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | | url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | -| url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | -| url.swift:27:5:27:15 | url : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | -| url.swift:39:16:39:23 | call to source() : | url.swift:41:31:41:31 | tainted : | -| url.swift:39:16:39:23 | call to source() : | url.swift:47:24:47:24 | tainted : | -| url.swift:39:16:39:23 | call to source() : | url.swift:64:28:64:28 | tainted : | -| url.swift:41:19:41:38 | call to init(string:) : | url.swift:44:12:44:12 | urlTainted | -| url.swift:41:19:41:38 | call to init(string:) : | url.swift:49:43:49:43 | urlTainted : | -| url.swift:41:19:41:38 | call to init(string:) : | url.swift:67:46:67:46 | urlTainted : | -| url.swift:41:31:41:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | -| url.swift:41:31:41:31 | tainted : | url.swift:8:8:8:16 | string : | -| url.swift:41:31:41:31 | tainted : | url.swift:41:19:41:38 | call to init(string:) : | -| url.swift:47:12:47:48 | call to init(string:relativeTo:) : | url.swift:47:12:47:49 | ...! | -| url.swift:47:24:47:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | -| url.swift:47:24:47:24 | tainted : | url.swift:9:8:9:16 | string : | -| url.swift:47:24:47:24 | tainted : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : | -| url.swift:49:12:49:53 | call to init(string:relativeTo:) : | url.swift:49:12:49:54 | ...! | -| url.swift:49:43:49:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | -| url.swift:49:43:49:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | -| url.swift:49:43:49:43 | urlTainted : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : | -| url.swift:64:16:64:35 | call to init(string:) : | url.swift:65:12:65:12 | ...! | -| url.swift:64:28:64:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | -| url.swift:64:28:64:28 | tainted : | url.swift:8:8:8:16 | string : | -| url.swift:64:28:64:28 | tainted : | url.swift:64:16:64:35 | call to init(string:) : | -| url.swift:67:46:67:46 | urlTainted : | url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : | -| url.swift:67:46:67:46 | urlTainted : | url.swift:27:5:27:15 | url : | -| url.swift:67:61:67:61 | data : | url.swift:68:15:68:19 | ...! | +| url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | +| url.swift:44:5:44:15 | url : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | +| url.swift:57:16:57:23 | call to source() : | url.swift:59:31:59:31 | tainted : | +| url.swift:57:16:57:23 | call to source() : | url.swift:83:24:83:24 | tainted : | +| url.swift:57:16:57:23 | call to source() : | url.swift:117:28:117:28 | tainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:62:12:62:12 | urlTainted | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:64:12:64:23 | .absoluteURL | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:65:12:65:23 | .baseURL | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:66:15:66:34 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:67:15:67:30 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:68:15:68:26 | .lastPathComponent | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:69:15:69:26 | .path | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:70:15:70:42 | ...[...] | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:71:15:71:26 | .pathExtension | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:72:12:72:27 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:73:15:73:31 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:74:15:74:26 | .relativePath | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:75:15:75:26 | .relativeString | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:76:15:76:32 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:77:12:77:23 | .standardized | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:78:12:78:23 | .standardizedFileURL | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:79:15:79:30 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:80:15:80:34 | ...! | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:86:43:86:43 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:87:43:87:43 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:88:46:88:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:89:46:89:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:90:46:90:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:91:46:91:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:92:46:92:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:93:46:93:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:94:43:94:43 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:95:46:95:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:96:46:96:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:97:46:97:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:98:46:98:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:99:43:99:43 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:100:43:100:43 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:101:46:101:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:102:46:102:46 | urlTainted : | +| url.swift:59:19:59:38 | call to init(string:) : | url.swift:120:46:120:46 | urlTainted : | +| url.swift:59:31:59:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | +| url.swift:59:31:59:31 | tainted : | url.swift:8:8:8:16 | string : | +| url.swift:59:31:59:31 | tainted : | url.swift:59:19:59:38 | call to init(string:) : | +| url.swift:83:12:83:48 | call to init(string:relativeTo:) : | url.swift:83:12:83:49 | ...! | +| url.swift:83:24:83:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | +| url.swift:83:24:83:24 | tainted : | url.swift:9:8:9:16 | string : | +| url.swift:83:24:83:24 | tainted : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : | +| url.swift:86:12:86:53 | call to init(string:relativeTo:) : | url.swift:86:12:86:56 | .absoluteURL | +| url.swift:86:43:86:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:86:43:86:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:86:43:86:43 | urlTainted : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : | +| url.swift:87:12:87:53 | call to init(string:relativeTo:) : | url.swift:87:12:87:56 | .baseURL | +| url.swift:87:43:87:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:87:43:87:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:87:43:87:43 | urlTainted : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : | +| url.swift:88:15:88:56 | call to init(string:relativeTo:) : | url.swift:88:15:88:67 | ...! | +| url.swift:88:46:88:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:88:46:88:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:88:46:88:46 | urlTainted : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : | +| url.swift:89:15:89:56 | call to init(string:relativeTo:) : | url.swift:89:15:89:63 | ...! | +| url.swift:89:46:89:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:89:46:89:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:89:46:89:46 | urlTainted : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : | +| url.swift:90:15:90:56 | call to init(string:relativeTo:) : | url.swift:90:15:90:59 | .lastPathComponent | +| url.swift:90:46:90:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:90:46:90:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:90:46:90:46 | urlTainted : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : | +| url.swift:91:15:91:56 | call to init(string:relativeTo:) : | url.swift:91:15:91:59 | .path | +| url.swift:91:46:91:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:91:46:91:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:91:46:91:46 | urlTainted : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : | +| url.swift:92:15:92:56 | call to init(string:relativeTo:) : | url.swift:92:15:92:75 | ...[...] | +| url.swift:92:46:92:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:92:46:92:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:92:46:92:46 | urlTainted : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : | +| url.swift:93:15:93:56 | call to init(string:relativeTo:) : | url.swift:93:15:93:59 | .pathExtension | +| url.swift:93:46:93:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:93:46:93:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:93:46:93:46 | urlTainted : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : | +| url.swift:94:12:94:53 | call to init(string:relativeTo:) : | url.swift:94:12:94:60 | ...! | +| url.swift:94:43:94:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:94:43:94:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:94:43:94:43 | urlTainted : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : | +| url.swift:95:15:95:56 | call to init(string:relativeTo:) : | url.swift:95:15:95:64 | ...! | +| url.swift:95:46:95:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:95:46:95:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:95:46:95:46 | urlTainted : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : | +| url.swift:96:15:96:56 | call to init(string:relativeTo:) : | url.swift:96:15:96:59 | .relativePath | +| url.swift:96:46:96:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:96:46:96:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:96:46:96:46 | urlTainted : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : | +| url.swift:97:15:97:56 | call to init(string:relativeTo:) : | url.swift:97:15:97:59 | .relativeString | +| url.swift:97:46:97:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:97:46:97:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:97:46:97:46 | urlTainted : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : | +| url.swift:98:15:98:56 | call to init(string:relativeTo:) : | url.swift:98:15:98:65 | ...! | +| url.swift:98:46:98:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:98:46:98:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:98:46:98:46 | urlTainted : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : | +| url.swift:99:12:99:53 | call to init(string:relativeTo:) : | url.swift:99:12:99:56 | .standardized | +| url.swift:99:43:99:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:99:43:99:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:99:43:99:43 | urlTainted : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : | +| url.swift:100:12:100:53 | call to init(string:relativeTo:) : | url.swift:100:12:100:56 | .standardizedFileURL | +| url.swift:100:43:100:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:100:43:100:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:100:43:100:43 | urlTainted : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : | +| url.swift:101:15:101:56 | call to init(string:relativeTo:) : | url.swift:101:15:101:63 | ...! | +| url.swift:101:46:101:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:101:46:101:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:101:46:101:46 | urlTainted : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : | +| url.swift:102:15:102:56 | call to init(string:relativeTo:) : | url.swift:102:15:102:67 | ...! | +| url.swift:102:46:102:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | +| url.swift:102:46:102:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | +| url.swift:102:46:102:46 | urlTainted : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : | +| url.swift:117:16:117:35 | call to init(string:) : | url.swift:118:12:118:12 | ...! | +| url.swift:117:28:117:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | +| url.swift:117:28:117:28 | tainted : | url.swift:8:8:8:16 | string : | +| url.swift:117:28:117:28 | tainted : | url.swift:117:16:117:35 | call to init(string:) : | +| url.swift:120:46:120:46 | urlTainted : | url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : | +| url.swift:120:46:120:46 | urlTainted : | url.swift:44:5:44:15 | url : | +| url.swift:120:61:120:61 | data : | url.swift:121:15:121:19 | ...! | nodes | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | semmle.label | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | semmle.label | [summary] to write: return (return) in init(string:) : | @@ -65,6 +164,10 @@ nodes | string.swift:35:13:35:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | string.swift:36:13:36:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | string.swift:39:13:39:29 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| subscript.swift:13:10:13:17 | call to source() : | semmle.label | call to source() : | +| subscript.swift:13:10:13:20 | ...[...] | semmle.label | ...[...] | +| subscript.swift:14:10:14:18 | call to source2() : | semmle.label | call to source2() : | +| subscript.swift:14:10:14:21 | ...[...] | semmle.label | ...[...] | | try.swift:9:13:9:24 | try ... | semmle.label | try ... | | try.swift:9:17:9:24 | call to source() : | semmle.label | call to source() : | | try.swift:15:12:15:24 | try! ... | semmle.label | try! ... | @@ -77,33 +180,130 @@ nodes | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | semmle.label | [summary param] 1 in init(string:relativeTo:) : | | url.swift:9:8:9:16 | string : | semmle.label | string : | | url.swift:9:24:9:39 | relativeTo : | semmle.label | relativeTo : | -| url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : | semmle.label | [summary param] 0 in dataTask(with:completionHandler:) : | -| url.swift:27:5:27:15 | url : | semmle.label | url : | -| url.swift:39:16:39:23 | call to source() : | semmle.label | call to source() : | -| url.swift:41:19:41:38 | call to init(string:) : | semmle.label | call to init(string:) : | -| url.swift:41:31:41:31 | tainted : | semmle.label | tainted : | -| url.swift:44:12:44:12 | urlTainted | semmle.label | urlTainted | -| url.swift:47:12:47:48 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | -| url.swift:47:12:47:49 | ...! | semmle.label | ...! | -| url.swift:47:24:47:24 | tainted : | semmle.label | tainted : | -| url.swift:49:12:49:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | -| url.swift:49:12:49:54 | ...! | semmle.label | ...! | -| url.swift:49:43:49:43 | urlTainted : | semmle.label | urlTainted : | -| url.swift:64:16:64:35 | call to init(string:) : | semmle.label | call to init(string:) : | -| url.swift:64:28:64:28 | tainted : | semmle.label | tainted : | -| url.swift:65:12:65:12 | ...! | semmle.label | ...! | -| url.swift:67:46:67:46 | urlTainted : | semmle.label | urlTainted : | -| url.swift:67:61:67:61 | data : | semmle.label | data : | -| url.swift:68:15:68:19 | ...! | semmle.label | ...! | +| url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : | semmle.label | [summary param] 0 in dataTask(with:completionHandler:) : | +| url.swift:44:5:44:15 | url : | semmle.label | url : | +| url.swift:57:16:57:23 | call to source() : | semmle.label | call to source() : | +| url.swift:59:19:59:38 | call to init(string:) : | semmle.label | call to init(string:) : | +| url.swift:59:31:59:31 | tainted : | semmle.label | tainted : | +| url.swift:62:12:62:12 | urlTainted | semmle.label | urlTainted | +| url.swift:64:12:64:23 | .absoluteURL | semmle.label | .absoluteURL | +| url.swift:65:12:65:23 | .baseURL | semmle.label | .baseURL | +| url.swift:66:15:66:34 | ...! | semmle.label | ...! | +| url.swift:67:15:67:30 | ...! | semmle.label | ...! | +| url.swift:68:15:68:26 | .lastPathComponent | semmle.label | .lastPathComponent | +| url.swift:69:15:69:26 | .path | semmle.label | .path | +| url.swift:70:15:70:42 | ...[...] | semmle.label | ...[...] | +| url.swift:71:15:71:26 | .pathExtension | semmle.label | .pathExtension | +| url.swift:72:12:72:27 | ...! | semmle.label | ...! | +| url.swift:73:15:73:31 | ...! | semmle.label | ...! | +| url.swift:74:15:74:26 | .relativePath | semmle.label | .relativePath | +| url.swift:75:15:75:26 | .relativeString | semmle.label | .relativeString | +| url.swift:76:15:76:32 | ...! | semmle.label | ...! | +| url.swift:77:12:77:23 | .standardized | semmle.label | .standardized | +| url.swift:78:12:78:23 | .standardizedFileURL | semmle.label | .standardizedFileURL | +| url.swift:79:15:79:30 | ...! | semmle.label | ...! | +| url.swift:80:15:80:34 | ...! | semmle.label | ...! | +| url.swift:83:12:83:48 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:83:12:83:49 | ...! | semmle.label | ...! | +| url.swift:83:24:83:24 | tainted : | semmle.label | tainted : | +| url.swift:86:12:86:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:86:12:86:56 | .absoluteURL | semmle.label | .absoluteURL | +| url.swift:86:43:86:43 | urlTainted : | semmle.label | urlTainted : | +| url.swift:87:12:87:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:87:12:87:56 | .baseURL | semmle.label | .baseURL | +| url.swift:87:43:87:43 | urlTainted : | semmle.label | urlTainted : | +| url.swift:88:15:88:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:88:15:88:67 | ...! | semmle.label | ...! | +| url.swift:88:46:88:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:89:15:89:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:89:15:89:63 | ...! | semmle.label | ...! | +| url.swift:89:46:89:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:90:15:90:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:90:15:90:59 | .lastPathComponent | semmle.label | .lastPathComponent | +| url.swift:90:46:90:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:91:15:91:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:91:15:91:59 | .path | semmle.label | .path | +| url.swift:91:46:91:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:92:15:92:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:92:15:92:75 | ...[...] | semmle.label | ...[...] | +| url.swift:92:46:92:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:93:15:93:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:93:15:93:59 | .pathExtension | semmle.label | .pathExtension | +| url.swift:93:46:93:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:94:12:94:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:94:12:94:60 | ...! | semmle.label | ...! | +| url.swift:94:43:94:43 | urlTainted : | semmle.label | urlTainted : | +| url.swift:95:15:95:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:95:15:95:64 | ...! | semmle.label | ...! | +| url.swift:95:46:95:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:96:15:96:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:96:15:96:59 | .relativePath | semmle.label | .relativePath | +| url.swift:96:46:96:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:97:15:97:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:97:15:97:59 | .relativeString | semmle.label | .relativeString | +| url.swift:97:46:97:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:98:15:98:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:98:15:98:65 | ...! | semmle.label | ...! | +| url.swift:98:46:98:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:99:12:99:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:99:12:99:56 | .standardized | semmle.label | .standardized | +| url.swift:99:43:99:43 | urlTainted : | semmle.label | urlTainted : | +| url.swift:100:12:100:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:100:12:100:56 | .standardizedFileURL | semmle.label | .standardizedFileURL | +| url.swift:100:43:100:43 | urlTainted : | semmle.label | urlTainted : | +| url.swift:101:15:101:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:101:15:101:63 | ...! | semmle.label | ...! | +| url.swift:101:46:101:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:102:15:102:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : | +| url.swift:102:15:102:67 | ...! | semmle.label | ...! | +| url.swift:102:46:102:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:117:16:117:35 | call to init(string:) : | semmle.label | call to init(string:) : | +| url.swift:117:28:117:28 | tainted : | semmle.label | tainted : | +| url.swift:118:12:118:12 | ...! | semmle.label | ...! | +| url.swift:120:46:120:46 | urlTainted : | semmle.label | urlTainted : | +| url.swift:120:61:120:61 | data : | semmle.label | data : | +| url.swift:121:15:121:19 | ...! | semmle.label | ...! | subpaths -| url.swift:41:31:41:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:41:19:41:38 | call to init(string:) : | -| url.swift:41:31:41:31 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:41:19:41:38 | call to init(string:) : | -| url.swift:47:24:47:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : | -| url.swift:47:24:47:24 | tainted : | url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : | -| url.swift:49:43:49:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : | -| url.swift:49:43:49:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : | -| url.swift:64:28:64:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:64:16:64:35 | call to init(string:) : | -| url.swift:64:28:64:28 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:64:16:64:35 | call to init(string:) : | +| url.swift:59:31:59:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:59:19:59:38 | call to init(string:) : | +| url.swift:59:31:59:31 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:59:19:59:38 | call to init(string:) : | +| url.swift:83:24:83:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : | +| url.swift:83:24:83:24 | tainted : | url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : | +| url.swift:86:43:86:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : | +| url.swift:86:43:86:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : | +| url.swift:87:43:87:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : | +| url.swift:87:43:87:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : | +| url.swift:88:46:88:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : | +| url.swift:88:46:88:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : | +| url.swift:89:46:89:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : | +| url.swift:89:46:89:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : | +| url.swift:90:46:90:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : | +| url.swift:90:46:90:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : | +| url.swift:91:46:91:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : | +| url.swift:91:46:91:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : | +| url.swift:92:46:92:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : | +| url.swift:92:46:92:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : | +| url.swift:93:46:93:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : | +| url.swift:93:46:93:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : | +| url.swift:94:43:94:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : | +| url.swift:94:43:94:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : | +| url.swift:95:46:95:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : | +| url.swift:95:46:95:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : | +| url.swift:96:46:96:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : | +| url.swift:96:46:96:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : | +| url.swift:97:46:97:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : | +| url.swift:97:46:97:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : | +| url.swift:98:46:98:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : | +| url.swift:98:46:98:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : | +| url.swift:99:43:99:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : | +| url.swift:99:43:99:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : | +| url.swift:100:43:100:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : | +| url.swift:100:43:100:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : | +| url.swift:101:46:101:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : | +| url.swift:101:46:101:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : | +| url.swift:102:46:102:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : | +| url.swift:102:46:102:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : | +| url.swift:117:28:117:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:117:16:117:35 | call to init(string:) : | +| url.swift:117:28:117:28 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:117:16:117:35 | call to init(string:) : | #select | string.swift:7:13:7:13 | "..." | string.swift:5:11:5:18 | call to source() : | string.swift:7:13:7:13 | "..." | result | | string.swift:9:13:9:13 | "..." | string.swift:5:11:5:18 | call to source() : | string.swift:9:13:9:13 | "..." | result | @@ -115,11 +315,46 @@ subpaths | string.swift:35:13:35:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() : | string.swift:35:13:35:23 | ... .+(_:_:) ... | result | | string.swift:36:13:36:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() : | string.swift:36:13:36:23 | ... .+(_:_:) ... | result | | string.swift:39:13:39:29 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() : | string.swift:39:13:39:29 | ... .+(_:_:) ... | result | +| subscript.swift:13:10:13:20 | ...[...] | subscript.swift:13:10:13:17 | call to source() : | subscript.swift:13:10:13:20 | ...[...] | result | +| subscript.swift:14:10:14:21 | ...[...] | subscript.swift:14:10:14:18 | call to source2() : | subscript.swift:14:10:14:21 | ...[...] | result | | try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... | result | | try.swift:15:12:15:24 | try! ... | try.swift:15:17:15:24 | call to source() : | try.swift:15:12:15:24 | try! ... | result | | try.swift:18:12:18:27 | ...! | try.swift:18:18:18:25 | call to source() : | try.swift:18:12:18:27 | ...! | result | -| url.swift:44:12:44:12 | urlTainted | url.swift:39:16:39:23 | call to source() : | url.swift:44:12:44:12 | urlTainted | result | -| url.swift:47:12:47:49 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:47:12:47:49 | ...! | result | -| url.swift:49:12:49:54 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:49:12:49:54 | ...! | result | -| url.swift:65:12:65:12 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:65:12:65:12 | ...! | result | -| url.swift:68:15:68:19 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:68:15:68:19 | ...! | result | +| url.swift:62:12:62:12 | urlTainted | url.swift:57:16:57:23 | call to source() : | url.swift:62:12:62:12 | urlTainted | result | +| url.swift:64:12:64:23 | .absoluteURL | url.swift:57:16:57:23 | call to source() : | url.swift:64:12:64:23 | .absoluteURL | result | +| url.swift:65:12:65:23 | .baseURL | url.swift:57:16:57:23 | call to source() : | url.swift:65:12:65:23 | .baseURL | result | +| url.swift:66:15:66:34 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:66:15:66:34 | ...! | result | +| url.swift:67:15:67:30 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:67:15:67:30 | ...! | result | +| url.swift:68:15:68:26 | .lastPathComponent | url.swift:57:16:57:23 | call to source() : | url.swift:68:15:68:26 | .lastPathComponent | result | +| url.swift:69:15:69:26 | .path | url.swift:57:16:57:23 | call to source() : | url.swift:69:15:69:26 | .path | result | +| url.swift:70:15:70:42 | ...[...] | url.swift:57:16:57:23 | call to source() : | url.swift:70:15:70:42 | ...[...] | result | +| url.swift:71:15:71:26 | .pathExtension | url.swift:57:16:57:23 | call to source() : | url.swift:71:15:71:26 | .pathExtension | result | +| url.swift:72:12:72:27 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:72:12:72:27 | ...! | result | +| url.swift:73:15:73:31 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:73:15:73:31 | ...! | result | +| url.swift:74:15:74:26 | .relativePath | url.swift:57:16:57:23 | call to source() : | url.swift:74:15:74:26 | .relativePath | result | +| url.swift:75:15:75:26 | .relativeString | url.swift:57:16:57:23 | call to source() : | url.swift:75:15:75:26 | .relativeString | result | +| url.swift:76:15:76:32 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:76:15:76:32 | ...! | result | +| url.swift:77:12:77:23 | .standardized | url.swift:57:16:57:23 | call to source() : | url.swift:77:12:77:23 | .standardized | result | +| url.swift:78:12:78:23 | .standardizedFileURL | url.swift:57:16:57:23 | call to source() : | url.swift:78:12:78:23 | .standardizedFileURL | result | +| url.swift:79:15:79:30 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:79:15:79:30 | ...! | result | +| url.swift:80:15:80:34 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:80:15:80:34 | ...! | result | +| url.swift:83:12:83:49 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:83:12:83:49 | ...! | result | +| url.swift:86:12:86:56 | .absoluteURL | url.swift:57:16:57:23 | call to source() : | url.swift:86:12:86:56 | .absoluteURL | result | +| url.swift:87:12:87:56 | .baseURL | url.swift:57:16:57:23 | call to source() : | url.swift:87:12:87:56 | .baseURL | result | +| url.swift:88:15:88:67 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:88:15:88:67 | ...! | result | +| url.swift:89:15:89:63 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:89:15:89:63 | ...! | result | +| url.swift:90:15:90:59 | .lastPathComponent | url.swift:57:16:57:23 | call to source() : | url.swift:90:15:90:59 | .lastPathComponent | result | +| url.swift:91:15:91:59 | .path | url.swift:57:16:57:23 | call to source() : | url.swift:91:15:91:59 | .path | result | +| url.swift:92:15:92:75 | ...[...] | url.swift:57:16:57:23 | call to source() : | url.swift:92:15:92:75 | ...[...] | result | +| url.swift:93:15:93:59 | .pathExtension | url.swift:57:16:57:23 | call to source() : | url.swift:93:15:93:59 | .pathExtension | result | +| url.swift:94:12:94:60 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:94:12:94:60 | ...! | result | +| url.swift:95:15:95:64 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:95:15:95:64 | ...! | result | +| url.swift:96:15:96:59 | .relativePath | url.swift:57:16:57:23 | call to source() : | url.swift:96:15:96:59 | .relativePath | result | +| url.swift:97:15:97:59 | .relativeString | url.swift:57:16:57:23 | call to source() : | url.swift:97:15:97:59 | .relativeString | result | +| url.swift:98:15:98:65 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:98:15:98:65 | ...! | result | +| url.swift:99:12:99:56 | .standardized | url.swift:57:16:57:23 | call to source() : | url.swift:99:12:99:56 | .standardized | result | +| url.swift:100:12:100:56 | .standardizedFileURL | url.swift:57:16:57:23 | call to source() : | url.swift:100:12:100:56 | .standardizedFileURL | result | +| url.swift:101:15:101:63 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:101:15:101:63 | ...! | result | +| url.swift:102:15:102:67 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:102:15:102:67 | ...! | result | +| url.swift:118:12:118:12 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:118:12:118:12 | ...! | result | +| url.swift:121:15:121:19 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:121:15:121:19 | ...! | result | diff --git a/swift/ql/test/library-tests/dataflow/taint/subscript.swift b/swift/ql/test/library-tests/dataflow/taint/subscript.swift new file mode 100644 index 00000000000..d41b755a978 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/taint/subscript.swift @@ -0,0 +1,15 @@ +class SubscriptTest { + subscript(index: Int) -> String { + get { return "" } + set(newValue) {} + } +} + +func source() -> Array { return [""] } +func source2() -> SubscriptTest { return SubscriptTest() } +func sink(arg: String) {} + +func test() { + sink(source()[0]) // $ tainted=13 + sink(source2()[0]) // $ tainted=14 +} diff --git a/swift/ql/test/library-tests/dataflow/taint/url.swift b/swift/ql/test/library-tests/dataflow/taint/url.swift index c6839bd79ca..ecabb4e0cfb 100644 --- a/swift/ql/test/library-tests/dataflow/taint/url.swift +++ b/swift/ql/test/library-tests/dataflow/taint/url.swift @@ -7,6 +7,23 @@ struct URL { init?(string: String) {} init?(string: String, relativeTo: URL?) {} + var absoluteURL: URL { get {return URL(string: "")!} } + var baseURL: URL { get {return URL(string: "")!} } + var fragment: String? { get {return nil} } + var host: String? { get {return nil} } + var lastPathComponent: String { get {return ""} } + var path: String { get {return ""} } + var pathComponents: [String] { get {return [""]} } + var pathExtension: String { get {return ""} } + var port: Int? { get {return nil} } + var query: String? { get {return nil} } + var relativePath: String { get {return ""} } + var relativeString: String { get {return ""} } + var scheme: String? { get {return nil} } + var standardized: URL { get {return URL(string: "")!} } + var standardizedFileURL: URL { get {return URL(string: "")!} } + var user: String? { get {return nil} } + var password: String? { get {return nil} } } class Data @@ -33,6 +50,7 @@ func source() -> String { return "" } func sink(arg: URL) {} func sink(data: Data) {} func sink(string: String) {} +func sink(int: Int) {} func taintThroughURL() { let clean = "http://example.com/" @@ -41,19 +59,54 @@ func taintThroughURL() { let urlTainted = URL(string: tainted)! sink(arg: urlClean) - sink(arg: urlTainted) // $ tainted=39 + sink(arg: urlTainted) // $ tainted=57 + // Fields + sink(arg: urlTainted.absoluteURL) // $ tainted=57 + sink(arg: urlTainted.baseURL) // $ SPURIOUS: $ tainted=57 + sink(string: urlTainted.fragment!) // $ tainted=57 + sink(string: urlTainted.host!) // $ tainted=57 + sink(string: urlTainted.lastPathComponent) // $ tainted=57 + sink(string: urlTainted.path) // $ tainted=57 + sink(string: urlTainted.pathComponents[0]) // $ tainted=57 + sink(string: urlTainted.pathExtension) // $ tainted=57 + sink(int: urlTainted.port!) // $ tainted=57 + sink(string: urlTainted.query!) // $ tainted=57 + sink(string: urlTainted.relativePath) // $ tainted=57 + sink(string: urlTainted.relativeString) // $ tainted=57 + sink(string: urlTainted.scheme!) // $ tainted=57 + sink(arg: urlTainted.standardized) // $ tainted=57 + sink(arg: urlTainted.standardizedFileURL) // $ tainted=57 + sink(string: urlTainted.user!) // $ tainted=57 + sink(string: urlTainted.password!) // $ tainted=57 sink(arg: URL(string: clean, relativeTo: nil)!) - sink(arg: URL(string: tainted, relativeTo: nil)!) // $ tainted=39 + sink(arg: URL(string: tainted, relativeTo: nil)!) // $ tainted=57 sink(arg: URL(string: clean, relativeTo: urlClean)!) - sink(arg: URL(string: clean, relativeTo: urlTainted)!) // $ tainted=39 + // Fields (assuming `clean` was a relative path instead of a full URL) + sink(arg: URL(string: clean, relativeTo: urlTainted)!.absoluteURL) // $ tainted=57 + sink(arg: URL(string: clean, relativeTo: urlTainted)!.baseURL) // $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.fragment!) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.host!) // $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.lastPathComponent) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.path) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.pathComponents[0]) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.pathExtension) // $ SPURIOUS: $ tainted=57 + sink(int: URL(string: clean, relativeTo: urlTainted)!.port!) // $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.query!) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.relativePath) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.relativeString) // $ SPURIOUS: $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.scheme!) // $ tainted=57 + sink(arg: URL(string: clean, relativeTo: urlTainted)!.standardized) // $ tainted=57 + sink(arg: URL(string: clean, relativeTo: urlTainted)!.standardizedFileURL) // $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.user!) // $ tainted=57 + sink(string: URL(string: clean, relativeTo: urlTainted)!.password!) // $ tainted=57 if let x = URL(string: clean) { sink(arg: x) } if let y = URL(string: tainted) { - sink(arg: y) // $ MISSING: tainted=39 + sink(arg: y) // $ MISSING: tainted=57 } var urlClean2 : URL! @@ -62,9 +115,9 @@ func taintThroughURL() { var urlTainted2 : URL! urlTainted2 = URL(string: tainted) - sink(arg: urlTainted2) // $ tainted=39 + sink(arg: urlTainted2) // $ tainted=57 let task = URLSession.shared.dataTask(with: urlTainted) { (data, response, error) in - sink(data: data!) // $ tainted=39 + sink(data: data!) // $ tainted=57 } } diff --git a/swift/ql/test/library-tests/elements/location/location.expected b/swift/ql/test/library-tests/elements/location/location.expected new file mode 100644 index 00000000000..85c6381c638 --- /dev/null +++ b/swift/ql/test/library-tests/elements/location/location.expected @@ -0,0 +1,4 @@ +| file://:0:0:0:0 | UnknownLocation | +| location.swift:2:1:3:1 | location.swift:2:1:3:1 | +| location.swift:2:11:2:14 | location.swift:2:11:2:14 | +| location.swift:2:19:3:1 | location.swift:2:19:3:1 | diff --git a/swift/ql/test/library-tests/elements/location/location.ql b/swift/ql/test/library-tests/elements/location/location.ql new file mode 100644 index 00000000000..1d0b80f6bc1 --- /dev/null +++ b/swift/ql/test/library-tests/elements/location/location.ql @@ -0,0 +1,4 @@ +import swift + +from Location l +select l diff --git a/swift/ql/test/library-tests/elements/location/location.swift b/swift/ql/test/library-tests/elements/location/location.swift new file mode 100644 index 00000000000..3f50ef39770 --- /dev/null +++ b/swift/ql/test/library-tests/elements/location/location.swift @@ -0,0 +1,3 @@ + +func test(x: Int) { +} diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected new file mode 100644 index 00000000000..035453270ae --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected @@ -0,0 +1,52 @@ +edges +| testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | +| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | +| testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | +| testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | +| testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | +| testUserDefaults.swift:41:24:41:24 | x : | testUserDefaults.swift:42:28:42:28 | x | +| testUserDefaults.swift:44:10:44:22 | call to getPassword() : | testUserDefaults.swift:45:28:45:28 | y | +| testUserDefaults.swift:55:10:55:10 | passwd : | testUserDefaults.swift:59:28:59:28 | x | +| testUserDefaults.swift:56:10:56:10 | passwd : | testUserDefaults.swift:60:28:60:28 | y | +| testUserDefaults.swift:57:10:57:10 | passwd : | testUserDefaults.swift:61:28:61:28 | z | +nodes +| testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | semmle.label | password | +| testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | semmle.label | x : | +| testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | semmle.label | x | +| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | semmle.label | call to getPassword() : | +| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | semmle.label | y | +| testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | semmle.label | .password | +| testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | semmle.label | passwd : | +| testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | semmle.label | passwd : | +| testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | semmle.label | passwd : | +| testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | semmle.label | x | +| testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | semmle.label | y | +| testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | semmle.label | z | +| testUserDefaults.swift:28:15:28:15 | password | semmle.label | password | +| testUserDefaults.swift:41:24:41:24 | x : | semmle.label | x : | +| testUserDefaults.swift:42:28:42:28 | x | semmle.label | x | +| testUserDefaults.swift:44:10:44:22 | call to getPassword() : | semmle.label | call to getPassword() : | +| testUserDefaults.swift:45:28:45:28 | y | semmle.label | y | +| testUserDefaults.swift:49:28:49:30 | .password | semmle.label | .password | +| testUserDefaults.swift:55:10:55:10 | passwd : | semmle.label | passwd : | +| testUserDefaults.swift:56:10:56:10 | passwd : | semmle.label | passwd : | +| testUserDefaults.swift:57:10:57:10 | passwd : | semmle.label | passwd : | +| testUserDefaults.swift:59:28:59:28 | x | semmle.label | x | +| testUserDefaults.swift:60:28:60:28 | y | semmle.label | y | +| testUserDefaults.swift:61:28:61:28 | z | semmle.label | z | +subpaths +#select +| testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | This operation stores 'password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | password | +| testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | x | +| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | call to getPassword() | +| testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | This operation stores '.password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | .password | +| testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | passwd | +| testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | passwd | +| testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | This operation stores 'z' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | passwd | +| testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | This operation stores 'password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:28:15:28:15 | password | password | +| testUserDefaults.swift:42:28:42:28 | x | testUserDefaults.swift:41:24:41:24 | x : | testUserDefaults.swift:42:28:42:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:41:24:41:24 | x : | x | +| testUserDefaults.swift:45:28:45:28 | y | testUserDefaults.swift:44:10:44:22 | call to getPassword() : | testUserDefaults.swift:45:28:45:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:44:10:44:22 | call to getPassword() : | call to getPassword() | +| testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | This operation stores '.password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:49:28:49:30 | .password | .password | +| testUserDefaults.swift:59:28:59:28 | x | testUserDefaults.swift:55:10:55:10 | passwd : | testUserDefaults.swift:59:28:59:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:55:10:55:10 | passwd : | passwd | +| testUserDefaults.swift:60:28:60:28 | y | testUserDefaults.swift:56:10:56:10 | passwd : | testUserDefaults.swift:60:28:60:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:56:10:56:10 | passwd : | passwd | +| testUserDefaults.swift:61:28:61:28 | z | testUserDefaults.swift:57:10:57:10 | passwd : | testUserDefaults.swift:61:28:61:28 | z | This operation stores 'z' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:57:10:57:10 | passwd : | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.qlref b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.qlref new file mode 100644 index 00000000000..574e0e17232 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.qlref @@ -0,0 +1 @@ +queries/Security/CWE-312/CleartextStoragePreferences.ql diff --git a/swift/ql/test/query-tests/Security/CWE-312/testNSUbiquitousKeyValueStore.swift b/swift/ql/test/query-tests/Security/CWE-312/testNSUbiquitousKeyValueStore.swift new file mode 100644 index 00000000000..20627a6483b --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-312/testNSUbiquitousKeyValueStore.swift @@ -0,0 +1,70 @@ + +// --- stubs --- + +class NSObject +{ +} + +class NSUbiquitousKeyValueStore : NSObject +{ + class var `default`: NSUbiquitousKeyValueStore { + return NSUbiquitousKeyValueStore() + } + + func set(_ anObject: Any?, forKey aKey: String) {} +} + +func encrypt(_ data: String) -> String { return data } +func hash(data: inout String) { } + +func getPassword() -> String { return "" } +func doSomething(password: String) { } + +// --- tests --- + +func test1(password: String, passwordHash : String) { + let store = NSUbiquitousKeyValueStore.default + + store.set(password, forKey: "myKey") // BAD + store.set(passwordHash, forKey: "myKey") // GOOD (not sensitive) +} + +class MyClass { + var harmless = "abc" + var password = "123" +} + +func test3(x: String) { + // alternative evidence of sensitivity... + + NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD [NOT REPORTED] + doSomething(password: x); + NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD + + let y = getPassword(); + NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // BAD + + let z = MyClass() + NSUbiquitousKeyValueStore.default.set(z.harmless, forKey: "myKey") // GOOD (not sensitive) + NSUbiquitousKeyValueStore.default.set(z.password, forKey: "myKey") // BAD +} + +func test4(passwd: String) { + // sanitizers... + + var x = passwd; + var y = passwd; + var z = passwd; + + NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD + NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // BAD + NSUbiquitousKeyValueStore.default.set(z, forKey: "myKey") // BAD + + x = encrypt(x); + hash(data: &y); + z = ""; + + NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // GOOD (not sensitive) + NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // GOOD (not sensitive) + NSUbiquitousKeyValueStore.default.set(z, forKey: "myKey") // GOOD (not sensitive) +} diff --git a/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift b/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift new file mode 100644 index 00000000000..343b5a9f0a1 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift @@ -0,0 +1,70 @@ + +// --- stubs --- + +class NSObject +{ +} + +class UserDefaults : NSObject +{ + class var standard: UserDefaults { + return UserDefaults() + } + + func set(_ value: Any?, forKey defaultName: String) {} +} + +func encrypt(_ data: String) -> String { return data } +func hash(data: inout String) { } + +func getPassword() -> String { return "" } +func doSomething(password: String) { } + +// --- tests --- + +func test1(password: String, passwordHash : String) { + let defaults = UserDefaults.standard + + defaults.set(password, forKey: "myKey") // BAD + defaults.set(passwordHash, forKey: "myKey") // GOOD (not sensitive) +} + +class MyClass { + var harmless = "abc" + var password = "123" +} + +func test3(x: String) { + // alternative evidence of sensitivity... + + UserDefaults.standard.set(x, forKey: "myKey") // BAD [NOT REPORTED] + doSomething(password: x); + UserDefaults.standard.set(x, forKey: "myKey") // BAD + + let y = getPassword(); + UserDefaults.standard.set(y, forKey: "myKey") // BAD + + let z = MyClass() + UserDefaults.standard.set(z.harmless, forKey: "myKey") // GOOD (not sensitive) + UserDefaults.standard.set(z.password, forKey: "myKey") // BAD +} + +func test4(passwd: String) { + // sanitizers... + + var x = passwd; + var y = passwd; + var z = passwd; + + UserDefaults.standard.set(x, forKey: "myKey") // BAD + UserDefaults.standard.set(y, forKey: "myKey") // BAD + UserDefaults.standard.set(z, forKey: "myKey") // BAD + + x = encrypt(x); + hash(data: &y); + z = ""; + + UserDefaults.standard.set(x, forKey: "myKey") // GOOD (not sensitive) + UserDefaults.standard.set(y, forKey: "myKey") // GOOD (not sensitive) + UserDefaults.standard.set(z, forKey: "myKey") // GOOD (not sensitive) +} diff --git a/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected new file mode 100644 index 00000000000..74d135c89b2 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected @@ -0,0 +1,65 @@ +edges +| test.swift:76:3:76:3 | this string is constant : | test.swift:92:18:92:36 | call to getConstantString() : | +| test.swift:90:26:90:121 | [...] : | test.swift:117:22:117:22 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:118:22:118:22 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:128:26:128:26 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:135:25:135:25 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:140:25:140:25 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:145:26:145:26 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:150:26:150:26 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:151:26:151:26 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:161:24:161:24 | key | +| test.swift:90:26:90:121 | [...] : | test.swift:163:24:163:24 | key | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:108:21:108:21 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:109:21:109:21 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:119:22:119:22 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:120:22:120:22 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:129:26:129:26 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:152:26:152:26 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:153:26:153:26 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:162:24:162:24 | keyString | +| test.swift:92:18:92:36 | call to getConstantString() : | test.swift:164:24:164:24 | keyString | +nodes +| test.swift:76:3:76:3 | this string is constant : | semmle.label | this string is constant : | +| test.swift:90:26:90:121 | [...] : | semmle.label | [...] : | +| test.swift:92:18:92:36 | call to getConstantString() : | semmle.label | call to getConstantString() : | +| test.swift:108:21:108:21 | keyString | semmle.label | keyString | +| test.swift:109:21:109:21 | keyString | semmle.label | keyString | +| test.swift:117:22:117:22 | key | semmle.label | key | +| test.swift:118:22:118:22 | key | semmle.label | key | +| test.swift:119:22:119:22 | keyString | semmle.label | keyString | +| test.swift:120:22:120:22 | keyString | semmle.label | keyString | +| test.swift:128:26:128:26 | key | semmle.label | key | +| test.swift:129:26:129:26 | keyString | semmle.label | keyString | +| test.swift:135:25:135:25 | key | semmle.label | key | +| test.swift:140:25:140:25 | key | semmle.label | key | +| test.swift:145:26:145:26 | key | semmle.label | key | +| test.swift:150:26:150:26 | key | semmle.label | key | +| test.swift:151:26:151:26 | key | semmle.label | key | +| test.swift:152:26:152:26 | keyString | semmle.label | keyString | +| test.swift:153:26:153:26 | keyString | semmle.label | keyString | +| test.swift:161:24:161:24 | key | semmle.label | key | +| test.swift:162:24:162:24 | keyString | semmle.label | keyString | +| test.swift:163:24:163:24 | key | semmle.label | key | +| test.swift:164:24:164:24 | keyString | semmle.label | keyString | +subpaths +#select +| test.swift:108:21:108:21 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:108:21:108:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:109:21:109:21 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:109:21:109:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:117:22:117:22 | key | test.swift:90:26:90:121 | [...] : | test.swift:117:22:117:22 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:118:22:118:22 | key | test.swift:90:26:90:121 | [...] : | test.swift:118:22:118:22 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:119:22:119:22 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:119:22:119:22 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:120:22:120:22 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:120:22:120:22 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:128:26:128:26 | key | test.swift:90:26:90:121 | [...] : | test.swift:128:26:128:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:129:26:129:26 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:129:26:129:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:135:25:135:25 | key | test.swift:90:26:90:121 | [...] : | test.swift:135:25:135:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:140:25:140:25 | key | test.swift:90:26:90:121 | [...] : | test.swift:140:25:140:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:145:26:145:26 | key | test.swift:90:26:90:121 | [...] : | test.swift:145:26:145:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:150:26:150:26 | key | test.swift:90:26:90:121 | [...] : | test.swift:150:26:150:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:151:26:151:26 | key | test.swift:90:26:90:121 | [...] : | test.swift:151:26:151:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:152:26:152:26 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:152:26:152:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:153:26:153:26 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:153:26:153:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:161:24:161:24 | key | test.swift:90:26:90:121 | [...] : | test.swift:161:24:161:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:162:24:162:24 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:162:24:162:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | +| test.swift:163:24:163:24 | key | test.swift:90:26:90:121 | [...] : | test.swift:163:24:163:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] : | [...] | +| test.swift:164:24:164:24 | keyString | test.swift:76:3:76:3 | this string is constant : | test.swift:164:24:164:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant : | this string is constant | \ No newline at end of file diff --git a/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.qlref b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.qlref new file mode 100644 index 00000000000..92bca37534a --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.qlref @@ -0,0 +1 @@ +queries/Security/CWE-321/HardcodedEncryptionKey.ql diff --git a/swift/ql/test/query-tests/Security/CWE-321/test.swift b/swift/ql/test/query-tests/Security/CWE-321/test.swift new file mode 100644 index 00000000000..edc92821bd2 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-321/test.swift @@ -0,0 +1,170 @@ + +// --- stubs --- + +// These stubs roughly follows the same structure as classes from CryptoSwift +class AES +{ + init(key: Array, blockMode: BlockMode, padding: Padding) { } + init(key: Array, blockMode: BlockMode) { } + init(key: String, iv: String) { } + init(key: String, iv: String, padding: Padding) { } +} + +class Blowfish +{ + init(key: Array, blockMode: BlockMode, padding: Padding) { } + init(key: Array, blockMode: BlockMode) { } + init(key: String, iv: String) { } + init(key: String, iv: String, padding: Padding) { } +} + +class HMAC +{ + init(key: Array) { } + init(key: Array, variant: Variant) { } + init(key: String) { } + init(key: String, variant: Variant) { } +} + +class ChaCha20 +{ + init(key: Array, iv: Array) { } + init(key: String, iv: String) { } +} + +class CBCMAC +{ + init(key: Array) { } +} + +class CMAC +{ + init(key: Array) { } +} + +class Poly1305 +{ + init(key: Array) { } +} + +class Rabbit +{ + init(key: Array) { } + init(key: String) { } + init(key: Array, iv: Array) { } + init(key: String, iv: String) { } +} + +enum Variant { + case md5, sha1, sha2, sha3 +} + +protocol BlockMode { } + +struct CBC: BlockMode { + init() { } +} + +protocol PaddingProtocol { } + +enum Padding: PaddingProtocol { + case noPadding, zeroPadding, pkcs7, pkcs5, eme_pkcs1v15, emsa_pkcs1v15, iso78164, iso10126 +} + +// Helper functions +func getConstantString() -> String { + "this string is constant" +} + +func getConstantArray() -> Array { + [UInt8](getConstantString().utf8) +} + +func getRandomArray() -> Array { + (0..<10).map({ _ in UInt8.random(in: 0...UInt8.max) }) +} + +// --- tests --- + +func test() { + let key: Array = [0x2a, 0x3a, 0x80, 0x05, 0xaf, 0x46, 0x58, 0x2d, 0x66, 0x52, 0x10, 0xae, 0x86, 0xd3, 0x8e, 0x8f] + let key2 = getConstantArray() + let keyString = getConstantString() + + let randomArray = getRandomArray() + let randomKey = getRandomArray() + let randomKeyString = String(cString: getRandomArray()) + + let blockMode = CBC() + let padding = Padding.noPadding + let variant = Variant.sha2 + + let iv = getRandomArray() + let ivString = String(cString: iv) + + // AES test cases + let ab1 = AES(key: key2, blockMode: blockMode, padding: padding) // BAD [NOT DETECTED] + let ab2 = AES(key: key2, blockMode: blockMode) // BAD [NOT DETECTED] + let ab3 = AES(key: keyString, iv: ivString) // BAD + let ab4 = AES(key: keyString, iv: ivString, padding: padding) // BAD + + let ag1 = AES(key: randomKey, blockMode: blockMode, padding: padding) // GOOD + let ag2 = AES(key: randomKey, blockMode: blockMode) // GOOD + let ag3 = AES(key: randomKeyString, iv: ivString) // GOOD + let ag4 = AES(key: randomKeyString, iv: ivString, padding: padding) // GOOD + + // HMAC test cases + let hb1 = HMAC(key: key) // BAD + let hb2 = HMAC(key: key, variant: variant) // BAD + let hb3 = HMAC(key: keyString) // BAD + let hb4 = HMAC(key: keyString, variant: variant) // BAD + + let hg1 = HMAC(key: randomKey) // GOOD + let hg2 = HMAC(key: randomKey, variant: variant) // GOOD + let hg3 = HMAC(key: randomKeyString) // GOOD + let hg4 = HMAC(key: randomKeyString, variant: variant) // GOOD + + // ChaCha20 test cases + let cb1 = ChaCha20(key: key, iv: iv) // BAD + let cb2 = ChaCha20(key: keyString, iv: ivString) // BAD + + let cg1 = ChaCha20(key: randomKey, iv: iv) // GOOD + let cg2 = ChaCha20(key: randomKeyString, iv: ivString) // GOOD + + // CBCMAC test cases + let cmb1 = CBCMAC(key: key) // BAD + + let cmg1 = CBCMAC(key: randomKey) // GOOD + + // CMAC test cases + let cmacb1 = CMAC(key: key) // BAD + + let cmacg1 = CMAC(key: randomKey) // GOOD + + // Poly1305 test cases + let pb1 = Poly1305(key: key) // BAD + + let pg1 = Poly1305(key: randomKey) // GOOD + + // Blowfish test cases + let bb1 = Blowfish(key: key, blockMode: blockMode, padding: padding) // BAD + let bb2 = Blowfish(key: key, blockMode: blockMode) // BAD + let bb3 = Blowfish(key: keyString, iv: ivString) // BAD + let bb4 = Blowfish(key: keyString, iv: ivString, padding: padding) // BAD + + let bg1 = Blowfish(key: randomKey, blockMode: blockMode, padding: padding) // GOOD + let bg2 = Blowfish(key: randomKey, blockMode: blockMode) // GOOD + let bg3 = Blowfish(key: randomKeyString, iv: ivString) // GOOD + let bg4 = Blowfish(key: randomKeyString, iv: ivString, padding: padding) // GOOD + + // Rabbit + let rb1 = Rabbit(key: key) // BAD + let rb2 = Rabbit(key: keyString) // BAD + let rb3 = Rabbit(key: key, iv: iv) // BAD + let rb4 = Rabbit(key: keyString, iv: ivString) // BAD + + let rg1 = Rabbit(key: randomKey) // GOOD + let rg2 = Rabbit(key: randomKeyString) // GOOD + let rg3 = Rabbit(key: randomKey, iv: iv) // GOOD + let rg4 = Rabbit(key: randomKeyString, iv: ivString) // GOOD +} diff --git a/swift/schema.py b/swift/schema.py index 0f7bbced493..e1483e6555c 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -310,6 +310,7 @@ class IfExpr(Expr): then_expr: Expr | child else_expr: Expr | child +@qltest.collapse_hierarchy class ImplicitConversionExpr(Expr): sub_expr: Expr | child diff --git a/swift/tools/autobuild.sh b/swift/tools/autobuild.sh new file mode 100755 index 00000000000..e16f2153656 --- /dev/null +++ b/swift/tools/autobuild.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +if [[ "$OSTYPE" == "darwin"* ]]; then + exec "${CODEQL_EXTRACTOR_SWIFT_ROOT}/tools/${CODEQL_PLATFORM}/xcode-autobuilder" +else + echo "Not implemented yet" + exit 1 +fi diff --git a/swift/tools/qltest.sh b/swift/tools/qltest.sh index 2232350c5b0..07a4da9d078 100755 --- a/swift/tools/qltest.sh +++ b/swift/tools/qltest.sh @@ -10,5 +10,7 @@ for src in *.swift; do opts=(-sdk "$CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk" -c -primary-file $src) opts+=($(sed -n '1 s=//codeql-extractor-options:==p' $src)) echo -e "calling extractor with flags: ${opts[@]}\n" >> $QLTEST_LOG - "$CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor" "${opts[@]}" >> $QLTEST_LOG 2>&1 + "$CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor" "${opts[@]}" >> $QLTEST_LOG 2>&1 || FAILED=1 done + +[ -z "$FAILED" ] || cat "$QLTEST_LOG" # Show compiler errors on extraction failure diff --git a/swift/tools/tracing-config.lua b/swift/tools/tracing-config.lua index d9343285099..3c090fa15b2 100644 --- a/swift/tools/tracing-config.lua +++ b/swift/tools/tracing-config.lua @@ -12,7 +12,7 @@ function RegisterExtractorPack(id) return nil end - -- removes upsupported CLI arg including the following how_many args + -- removes unsupported CLI arg including the following how_many args function strip_unsupported_arg(args, arg, how_many) local index = indexOf(args, arg) if index then diff --git a/swift/xcode-autobuilder/BUILD.bazel b/swift/xcode-autobuilder/BUILD.bazel new file mode 100644 index 00000000000..116d11cbfab --- /dev/null +++ b/swift/xcode-autobuilder/BUILD.bazel @@ -0,0 +1,22 @@ +load("//swift:rules.bzl", "swift_cc_binary") +load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") + +swift_cc_binary( + name = "xcode-autobuilder", + srcs = glob([ + "*.cpp", + "*.h", + ]), + visibility = ["//swift:__subpackages__"], + linkopts = [ + "-lxml2", + "-framework CoreFoundation", + ], + target_compatible_with = ["@platforms//os:macos"], +) + +generate_cmake( + name = "cmake", + targets = [":xcode-autobuilder"], + visibility = ["//visibility:public"], +) diff --git a/swift/xcode-autobuilder/CFHelpers.cpp b/swift/xcode-autobuilder/CFHelpers.cpp new file mode 100644 index 00000000000..7ca19c7b2b2 --- /dev/null +++ b/swift/xcode-autobuilder/CFHelpers.cpp @@ -0,0 +1,41 @@ +#include "swift/xcode-autobuilder/CFHelpers.h" + +#include + +typedef CFTypeID (*cf_get_type_id)(); + +template +CFType cf_cast(const void* ptr) { + if (!ptr) { + return nullptr; + } + if (CFGetTypeID(ptr) != get_type_id()) { + std::cerr << "Unexpected type: "; + CFShow(ptr); + abort(); + } + return static_cast(ptr); +} + +CFStringRef cf_string_ref(const void* ptr) { + return cf_cast(ptr); +} + +CFArrayRef cf_array_ref(const void* ptr) { + return cf_cast(ptr); +} +CFDictionaryRef cf_dictionary_ref(const void* ptr) { + return cf_cast(ptr); +} + +std::string stringValueForKey(CFDictionaryRef dict, CFStringRef key) { + auto cfValue = cf_string_ref(CFDictionaryGetValue(dict, key)); + if (cfValue) { + const int bufferSize = 256; + char buf[bufferSize]; + if (CFStringGetCString(cfValue, buf, bufferSize, kCFStringEncodingUTF8)) { + return {buf}; + } + } + return {}; +} diff --git a/swift/xcode-autobuilder/CFHelpers.h b/swift/xcode-autobuilder/CFHelpers.h new file mode 100644 index 00000000000..012f7d6983b --- /dev/null +++ b/swift/xcode-autobuilder/CFHelpers.h @@ -0,0 +1,24 @@ +#pragma once + +#include +#include +#include + +CFStringRef cf_string_ref(const void* ptr); +CFArrayRef cf_array_ref(const void* ptr); +CFDictionaryRef cf_dictionary_ref(const void* ptr); + +std::string stringValueForKey(CFDictionaryRef dict, CFStringRef key); + +struct CFKeyValues { + static CFKeyValues fromDictionary(CFDictionaryRef dict) { + auto size = CFDictionaryGetCount(dict); + CFKeyValues ret(size); + CFDictionaryGetKeysAndValues(dict, ret.keys.data(), ret.values.data()); + return ret; + } + explicit CFKeyValues(size_t size) : size(size), keys(size), values(size) {} + size_t size; + std::vector keys; + std::vector values; +}; diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp new file mode 100644 index 00000000000..cbc99592d24 --- /dev/null +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -0,0 +1,65 @@ +#include "swift/xcode-autobuilder/XcodeBuildRunner.h" + +#include +#include +#include + +static int waitpid_status(pid_t child) { + int status; + while (waitpid(child, &status, 0) == -1) { + if (errno != EINTR) break; + } + return status; +} + +extern char** environ; + +static bool exec(const std::vector& argv) { + const char** c_argv = (const char**)calloc(argv.size() + 1, sizeof(char*)); + for (size_t i = 0; i < argv.size(); i++) { + c_argv[i] = argv[i].c_str(); + } + c_argv[argv.size()] = nullptr; + + pid_t pid = 0; + if (posix_spawn(&pid, argv.front().c_str(), nullptr, nullptr, (char* const*)c_argv, environ) != + 0) { + std::cerr << "[xcode autobuilder] posix_spawn failed: " << strerror(errno) << "\n"; + free(c_argv); + return false; + } + free(c_argv); + int status = waitpid_status(pid); + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + return false; + } + return true; +} + +void buildTarget(Target& target, bool dryRun) { + std::vector argv({"/usr/bin/xcodebuild", "build"}); + if (!target.workspace.empty()) { + argv.push_back("-workspace"); + argv.push_back(target.workspace); + argv.push_back("-scheme"); + } else { + argv.push_back("-project"); + argv.push_back(target.project); + argv.push_back("-target"); + } + argv.push_back(target.name); + argv.push_back("CODE_SIGNING_REQUIRED=NO"); + argv.push_back("CODE_SIGNING_ALLOWED=NO"); + + if (dryRun) { + for (auto& arg : argv) { + std::cout << arg + " "; + } + std::cout << "\n"; + } else { + if (!exec(argv)) { + std::cerr << "Build failed\n"; + exit(1); + } + } +} diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.h b/swift/xcode-autobuilder/XcodeBuildRunner.h new file mode 100644 index 00000000000..6994b8ba175 --- /dev/null +++ b/swift/xcode-autobuilder/XcodeBuildRunner.h @@ -0,0 +1,5 @@ +#pragma once + +#include "swift/xcode-autobuilder/XcodeTarget.h" + +void buildTarget(Target& target, bool dryRun); diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp new file mode 100644 index 00000000000..5fb20ad625a --- /dev/null +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -0,0 +1,273 @@ +#include "swift/xcode-autobuilder/XcodeProjectParser.h" +#include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" +#include "swift/xcode-autobuilder/CFHelpers.h" + +#include +#include +#include +#include +#include +#include + +namespace fs = std::filesystem; + +struct TargetData { + std::string workspace; + std::string project; + std::string type; +}; + +typedef std::unordered_map Targets; +typedef std::unordered_map> Dependencies; +typedef std::unordered_map>> + BuildFiles; + +static size_t totalFilesCount(const std::string& target, + const Dependencies& dependencies, + const BuildFiles& buildFiles) { + size_t sum = buildFiles.at(target).size(); + for (auto& dep : dependencies.at(target)) { + sum += totalFilesCount(dep, dependencies, buildFiles); + } + return sum; +} + +static bool objectIsTarget(CFDictionaryRef object) { + auto isa = cf_string_ref(CFDictionaryGetValue(object, CFSTR("isa"))); + if (isa) { + for (auto target : + {CFSTR("PBXAggregateTarget"), CFSTR("PBXNativeTarget"), CFSTR("PBXLegacyTarget")}) { + if (CFStringCompare(isa, target, 0) == kCFCompareEqualTo) { + return true; + } + } + } + return false; +} + +static void mapTargetsToSourceFiles(CFDictionaryRef objects, + std::unordered_map& fileCounts) { + Targets targets; + Dependencies dependencies; + BuildFiles buildFiles; + + auto kv = CFKeyValues::fromDictionary(objects); + for (size_t i = 0; i < kv.size; i++) { + auto object = cf_dictionary_ref(kv.values[i]); + if (objectIsTarget(object)) { + auto name = stringValueForKey(object, CFSTR("name")); + dependencies[name] = {}; + buildFiles[name] = {}; + targets.emplace(name, object); + } + } + + for (auto& [targetName, targetObject] : targets) { + auto deps = cf_array_ref(CFDictionaryGetValue(targetObject, CFSTR("dependencies"))); + auto size = CFArrayGetCount(deps); + for (CFIndex i = 0; i < size; i++) { + auto dependencyID = cf_string_ref(CFArrayGetValueAtIndex(deps, i)); + auto dependency = cf_dictionary_ref(CFDictionaryGetValue(objects, dependencyID)); + auto targetID = cf_string_ref(CFDictionaryGetValue(dependency, CFSTR("target"))); + if (!targetID) { + // Skipping non-targets (e.g., productRef) + continue; + } + auto targetDependency = cf_dictionary_ref(CFDictionaryGetValue(objects, targetID)); + auto dependencyName = stringValueForKey(targetDependency, CFSTR("name")); + if (!dependencyName.empty()) { + dependencies[targetName].push_back(dependencyName); + } + } + } + + for (auto& [targetName, targetObject] : targets) { + auto buildPhases = cf_array_ref(CFDictionaryGetValue(targetObject, CFSTR("buildPhases"))); + auto buildPhaseCount = CFArrayGetCount(buildPhases); + for (CFIndex buildPhaseIndex = 0; buildPhaseIndex < buildPhaseCount; buildPhaseIndex++) { + auto buildPhaseID = cf_string_ref(CFArrayGetValueAtIndex(buildPhases, buildPhaseIndex)); + auto buildPhase = cf_dictionary_ref(CFDictionaryGetValue(objects, buildPhaseID)); + auto fileRefs = cf_array_ref(CFDictionaryGetValue(buildPhase, CFSTR("files"))); + if (!fileRefs) { + continue; + } + auto fileRefsCount = CFArrayGetCount(fileRefs); + for (CFIndex fileRefIndex = 0; fileRefIndex < fileRefsCount; fileRefIndex++) { + auto fileRefID = cf_string_ref(CFArrayGetValueAtIndex(fileRefs, fileRefIndex)); + auto fileRef = cf_dictionary_ref(CFDictionaryGetValue(objects, fileRefID)); + auto fileID = cf_string_ref(CFDictionaryGetValue(fileRef, CFSTR("fileRef"))); + if (!fileID) { + // FileRef is not a reference to a file (e.g., PBXBuildFile) + continue; + } + auto file = cf_dictionary_ref(CFDictionaryGetValue(objects, fileID)); + if (!file) { + // Sometimes the references file belongs to another project, which is not present for + // various reasons + continue; + } + auto isa = stringValueForKey(file, CFSTR("isa")); + if (isa != "PBXFileReference") { + // Skipping anything that is not a 'file', e.g. PBXVariantGroup + continue; + } + auto fileType = stringValueForKey(file, CFSTR("lastKnownFileType")); + auto path = stringValueForKey(file, CFSTR("path")); + if (fileType == "sourcecode.swift" && !path.empty()) { + buildFiles[targetName].emplace_back(path, file); + } + } + } + } + + for (auto& [targetName, _] : targets) { + fileCounts[targetName] = totalFilesCount(targetName, dependencies, buildFiles); + } +} + +static CFDictionaryRef xcodeProjectObjects(const std::string& xcodeProject) { + auto allocator = CFAllocatorGetDefault(); + auto pbxproj = fs::path(xcodeProject) / "project.pbxproj"; + if (!fs::exists(pbxproj)) { + return CFDictionaryCreate(allocator, nullptr, nullptr, 0, nullptr, nullptr); + } + std::ifstream ifs(pbxproj, std::ios::in); + std::string content((std::istreambuf_iterator(ifs)), (std::istreambuf_iterator())); + auto data = CFDataCreate(allocator, reinterpret_cast(content.data()), content.size()); + CFErrorRef error = nullptr; + auto plist = CFPropertyListCreateWithData(allocator, data, 0, nullptr, &error); + if (error) { + std::cerr << "[xcode autobuilder] Cannot read Xcode project: "; + CFShow(error); + std::cerr << ": " << pbxproj << "\n"; + return CFDictionaryCreate(allocator, nullptr, nullptr, 0, nullptr, nullptr); + } + + return cf_dictionary_ref(CFDictionaryGetValue((CFDictionaryRef)plist, CFSTR("objects"))); +} + +// Maps each target to the number of Swift source files it contains transitively +static std::unordered_map mapTargetsToSourceFiles( + const std::unordered_map>& workspaces) { + std::unordered_map fileCounts; + for (auto& [workspace, projects] : workspaces) { + // All targets/dependencies should be resolved in the context of the same workspace + // As different projects in the same workspace may reference each other for dependencies + auto allocator = CFAllocatorGetDefault(); + auto allObjects = CFDictionaryCreateMutable(allocator, 0, nullptr, nullptr); + for (auto& project : projects) { + CFDictionaryRef objects = xcodeProjectObjects(project); + auto kv = CFKeyValues::fromDictionary(objects); + for (size_t i = 0; i < kv.size; i++) { + CFDictionaryAddValue(allObjects, kv.keys[i], kv.values[i]); + } + } + mapTargetsToSourceFiles(allObjects, fileCounts); + } + return fileCounts; +} + +static std::vector> readTargets(const std::string& project) { + auto objects = xcodeProjectObjects(project); + std::vector> targets; + auto kv = CFKeyValues::fromDictionary(objects); + for (size_t i = 0; i < kv.size; i++) { + auto object = (CFDictionaryRef)kv.values[i]; + if (objectIsTarget(object)) { + auto name = stringValueForKey(object, CFSTR("name")); + auto type = stringValueForKey(object, CFSTR("productType")); + targets.emplace_back(name, type.empty() ? "" : type); + } + } + return targets; +} + +static std::unordered_map mapTargetsToWorkspace( + const std::unordered_map>& workspaces) { + std::unordered_map targetMapping; + for (auto& [workspace, projects] : workspaces) { + for (auto& project : projects) { + auto targets = readTargets(project); + for (auto& [target, type] : targets) { + targetMapping[target] = TargetData{workspace, project, type}; + } + } + } + return targetMapping; +} + +static std::vector collectFiles(const std::string& workingDir) { + fs::path workDir(workingDir); + std::vector files; + auto iterator = fs::recursive_directory_iterator(workDir); + auto end = fs::recursive_directory_iterator(); + for (; iterator != end; iterator++) { + auto filename = iterator->path().filename(); + if (filename == "DerivedData" || filename == ".git" || filename == "build") { + // Skip these folders + iterator.disable_recursion_pending(); + continue; + } + auto dirEntry = *iterator; + if (!dirEntry.is_directory()) { + continue; + } + if (dirEntry.path().extension() != fs::path(".xcodeproj") && + dirEntry.path().extension() != fs::path(".xcworkspace")) { + continue; + } + files.push_back(dirEntry.path()); + } + return files; +} + +static std::unordered_map> collectWorkspaces( + const std::string& workingDir) { + // Here we are collecting list of all workspaces and Xcode projects corresponding to them + // Projects without workspaces go into the same "empty-workspace" bucket + std::unordered_map> workspaces; + std::unordered_set projectsBelongingToWorkspace; + std::vector files = collectFiles(workingDir); + for (auto& path : files) { + if (path.extension() == ".xcworkspace") { + auto projects = readProjectsFromWorkspace(path.string()); + for (auto& project : projects) { + projectsBelongingToWorkspace.insert(project.string()); + workspaces[path.string()].push_back(project.string()); + } + } + } + // Collect all projects not belonging to any workspace into a separate empty bucket + for (auto& path : files) { + if (path.extension() == ".xcodeproj") { + if (projectsBelongingToWorkspace.count(path.string())) { + continue; + } + workspaces[std::string()].push_back(path.string()); + } + } + return workspaces; +} + +std::vector collectTargets(const std::string& workingDir) { + // Getting a list of workspaces and the project that belong to them + auto workspaces = collectWorkspaces(workingDir); + if (workspaces.empty()) { + std::cerr << "[xcode autobuilder] Xcode project or workspace not found\n"; + exit(1); + } + + // Mapping each target to the workspace/project it belongs to + auto targetMapping = mapTargetsToWorkspace(workspaces); + + // Mapping each target to the number of source files it contains + auto targetFilesMapping = mapTargetsToSourceFiles(workspaces); + + std::vector targets; + + for (auto& [targetName, data] : targetMapping) { + targets.push_back(Target{data.workspace, data.project, targetName, data.type, + targetFilesMapping[targetName]}); + } + return targets; +} diff --git a/swift/xcode-autobuilder/XcodeProjectParser.h b/swift/xcode-autobuilder/XcodeProjectParser.h new file mode 100644 index 00000000000..d2cc9e6a10b --- /dev/null +++ b/swift/xcode-autobuilder/XcodeProjectParser.h @@ -0,0 +1,7 @@ +#pragma once + +#include "swift/xcode-autobuilder/XcodeTarget.h" +#include +#include + +std::vector collectTargets(const std::string& workingDir); diff --git a/swift/xcode-autobuilder/XcodeTarget.h b/swift/xcode-autobuilder/XcodeTarget.h new file mode 100644 index 00000000000..a656b3b0076 --- /dev/null +++ b/swift/xcode-autobuilder/XcodeTarget.h @@ -0,0 +1,11 @@ +#pragma once + +#include + +struct Target { + std::string workspace; + std::string project; + std::string name; + std::string type; + size_t fileCount; +}; diff --git a/swift/xcode-autobuilder/XcodeWorkspaceParser.cpp b/swift/xcode-autobuilder/XcodeWorkspaceParser.cpp new file mode 100644 index 00000000000..c315ba3831b --- /dev/null +++ b/swift/xcode-autobuilder/XcodeWorkspaceParser.cpp @@ -0,0 +1,62 @@ +#include +#include +#include +#include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" + +/* +Extracts FileRef locations from an XML of the following form: + + + + + + + + */ +std::vector readProjectsFromWorkspace(const std::string& workspace) { + fs::path workspacePath(workspace); + auto workspaceData = workspacePath / "contents.xcworkspacedata"; + if (!fs::exists(workspaceData)) { + std::cerr << "[xcode autobuilder] Cannot read workspace: file does not exist '" << workspaceData + << "\n"; + return {}; + } + + auto xmlDoc = xmlParseFile(workspaceData.c_str()); + if (!xmlDoc) { + std::cerr << "[xcode autobuilder] Cannot parse workspace file '" << workspaceData << "\n"; + return {}; + } + auto root = xmlDocGetRootElement(xmlDoc); + auto first = xmlFirstElementChild(root); + auto last = xmlLastElementChild(root); + std::vector children; + for (; first != last; first = xmlNextElementSibling(first)) { + children.push_back(first); + } + children.push_back(first); + std::vector locations; + for (auto child : children) { + if (child) { + auto prop = xmlGetProp(child, xmlCharStrdup("location")); + if (prop) { + locations.emplace_back((char*)prop); + } + } + } + xmlFreeDoc(xmlDoc); + + std::vector projects; + for (auto& location : locations) { + auto colon = location.find(':'); + if (colon != std::string::npos) { + auto project = location.substr(colon + 1); + if (!project.empty()) { + auto fullPath = workspacePath.parent_path() / project; + projects.push_back(fullPath); + } + } + } + + return projects; +} diff --git a/swift/xcode-autobuilder/XcodeWorkspaceParser.h b/swift/xcode-autobuilder/XcodeWorkspaceParser.h new file mode 100644 index 00000000000..78dd4de0fc3 --- /dev/null +++ b/swift/xcode-autobuilder/XcodeWorkspaceParser.h @@ -0,0 +1,9 @@ +#pragma once + +#include +#include +#include + +namespace fs = std::filesystem; + +std::vector readProjectsFromWorkspace(const std::string& workspace); diff --git a/swift/xcode-autobuilder/tests/.gitignore b/swift/xcode-autobuilder/tests/.gitignore new file mode 100644 index 00000000000..82cb4a684b9 --- /dev/null +++ b/swift/xcode-autobuilder/tests/.gitignore @@ -0,0 +1,4 @@ +xcuserdata +build +*.actual +IDEWorkspaceChecks.plist diff --git a/swift/xcode-autobuilder/tests/BUILD.bazel b/swift/xcode-autobuilder/tests/BUILD.bazel new file mode 100644 index 00000000000..579f96546cd --- /dev/null +++ b/swift/xcode-autobuilder/tests/BUILD.bazel @@ -0,0 +1,21 @@ +[ + py_test( + name = test_dir + '-test', + size = "small", + srcs = ['autobuild_tester.py'], + main = 'autobuild_tester.py', + data = [ + "//swift/xcode-autobuilder", + test_dir, + ] + glob([test_dir + '/**/*']), + args = [ + '$(location //swift/xcode-autobuilder)', + '$(location %s)' % test_dir, + ] + ) + for test_dir in glob(["*"], exclude_directories=0, exclude=['*.*', '.*']) +] + +test_suite( + name='tests' +) diff --git a/swift/xcode-autobuilder/tests/autobuild_tester.py b/swift/xcode-autobuilder/tests/autobuild_tester.py new file mode 100755 index 00000000000..6a909c97d61 --- /dev/null +++ b/swift/xcode-autobuilder/tests/autobuild_tester.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python3 + +import sys +import subprocess +import pathlib +import os + +autobuilder = pathlib.Path(sys.argv[1]).absolute() +test_dir = pathlib.Path(sys.argv[2]) + +expected = test_dir / 'commands.expected' +actual = pathlib.Path('commands.actual') + +with open(actual, 'wb') as out: + ret = subprocess.run([str(autobuilder), '-dry-run', '.'], capture_output=True, check=True, cwd=test_dir) + for line in ret.stdout.splitlines(): + out.write(line.rstrip()) + out.write(b'\n') + +subprocess.run(['diff', '-u', expected, actual], check=True) + +print("SUCCESS!") diff --git a/swift/xcode-autobuilder/tests/hello-autobuilder/commands.expected b/swift/xcode-autobuilder/tests/hello-autobuilder/commands.expected new file mode 100644 index 00000000000..9d2be19b9c4 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-autobuilder/commands.expected @@ -0,0 +1 @@ +/usr/bin/xcodebuild build -project ./hello-autobuilder.xcodeproj -target hello-autobuilder CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO diff --git a/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.pbxproj b/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..cd83d68ec33 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.pbxproj @@ -0,0 +1,361 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 461725B129002F56000C6B39 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 461725B029002F56000C6B39 /* AppDelegate.swift */; }; + 461725B329002F56000C6B39 /* SceneDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 461725B229002F56000C6B39 /* SceneDelegate.swift */; }; + 461725B529002F56000C6B39 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 461725B429002F56000C6B39 /* ViewController.swift */; }; + 461725B829002F56000C6B39 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 461725B629002F56000C6B39 /* Main.storyboard */; }; + 461725BA29002F59000C6B39 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 461725B929002F59000C6B39 /* Assets.xcassets */; }; + 461725BD29002F59000C6B39 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 461725BB29002F59000C6B39 /* LaunchScreen.storyboard */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 461725AD29002F56000C6B39 /* hello-autobuilder.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "hello-autobuilder.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + 461725B029002F56000C6B39 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; + 461725B229002F56000C6B39 /* SceneDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SceneDelegate.swift; sourceTree = ""; }; + 461725B429002F56000C6B39 /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; + 461725B729002F56000C6B39 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; + 461725B929002F59000C6B39 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 461725BC29002F59000C6B39 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = ""; }; + 461725BE29002F59000C6B39 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 461725AA29002F56000C6B39 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 461725A429002F56000C6B39 = { + isa = PBXGroup; + children = ( + 461725AF29002F56000C6B39 /* hello-autobuilder */, + 461725AE29002F56000C6B39 /* Products */, + ); + sourceTree = ""; + }; + 461725AE29002F56000C6B39 /* Products */ = { + isa = PBXGroup; + children = ( + 461725AD29002F56000C6B39 /* hello-autobuilder.app */, + ); + name = Products; + sourceTree = ""; + }; + 461725AF29002F56000C6B39 /* hello-autobuilder */ = { + isa = PBXGroup; + children = ( + 461725B029002F56000C6B39 /* AppDelegate.swift */, + 461725B229002F56000C6B39 /* SceneDelegate.swift */, + 461725B429002F56000C6B39 /* ViewController.swift */, + 461725B629002F56000C6B39 /* Main.storyboard */, + 461725B929002F59000C6B39 /* Assets.xcassets */, + 461725BB29002F59000C6B39 /* LaunchScreen.storyboard */, + 461725BE29002F59000C6B39 /* Info.plist */, + ); + path = "hello-autobuilder"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 461725AC29002F56000C6B39 /* hello-autobuilder */ = { + isa = PBXNativeTarget; + buildConfigurationList = 461725C129002F59000C6B39 /* Build configuration list for PBXNativeTarget "hello-autobuilder" */; + buildPhases = ( + 461725A929002F56000C6B39 /* Sources */, + 461725AA29002F56000C6B39 /* Frameworks */, + 461725AB29002F56000C6B39 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-autobuilder"; + productName = "hello-autobuilder"; + productReference = 461725AD29002F56000C6B39 /* hello-autobuilder.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 461725A529002F56000C6B39 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1400; + LastUpgradeCheck = 1400; + TargetAttributes = { + 461725AC29002F56000C6B39 = { + CreatedOnToolsVersion = 14.0; + }; + }; + }; + buildConfigurationList = 461725A829002F56000C6B39 /* Build configuration list for PBXProject "hello-autobuilder" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 461725A429002F56000C6B39; + productRefGroup = 461725AE29002F56000C6B39 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 461725AC29002F56000C6B39 /* hello-autobuilder */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 461725AB29002F56000C6B39 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 461725BD29002F59000C6B39 /* LaunchScreen.storyboard in Resources */, + 461725BA29002F59000C6B39 /* Assets.xcassets in Resources */, + 461725B829002F56000C6B39 /* Main.storyboard in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 461725A929002F56000C6B39 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 461725B529002F56000C6B39 /* ViewController.swift in Sources */, + 461725B129002F56000C6B39 /* AppDelegate.swift in Sources */, + 461725B329002F56000C6B39 /* SceneDelegate.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXVariantGroup section */ + 461725B629002F56000C6B39 /* Main.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 461725B729002F56000C6B39 /* Base */, + ); + name = Main.storyboard; + sourceTree = ""; + }; + 461725BB29002F59000C6B39 /* LaunchScreen.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 461725BC29002F59000C6B39 /* Base */, + ); + name = LaunchScreen.storyboard; + sourceTree = ""; + }; +/* End PBXVariantGroup section */ + +/* Begin XCBuildConfiguration section */ + 461725BF29002F59000C6B39 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = iphoneos; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 461725C029002F59000C6B39 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = iphoneos; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + 461725C229002F59000C6B39 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = "hello-autobuilder/Info.plist"; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; + INFOPLIST_KEY_UIMainStoryboardFile = Main; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.github.hello-autobuilder"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Debug; + }; + 461725C329002F59000C6B39 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = "hello-autobuilder/Info.plist"; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; + INFOPLIST_KEY_UIMainStoryboardFile = Main; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.github.hello-autobuilder"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 461725A829002F56000C6B39 /* Build configuration list for PBXProject "hello-autobuilder" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 461725BF29002F59000C6B39 /* Debug */, + 461725C029002F59000C6B39 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 461725C129002F59000C6B39 /* Build configuration list for PBXNativeTarget "hello-autobuilder" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 461725C229002F59000C6B39 /* Debug */, + 461725C329002F59000C6B39 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 461725A529002F56000C6B39 /* Project object */; +} diff --git a/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-autobuilder/hello-autobuilder.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/xcode-autobuilder/tests/hello-workspace/Hello.xcworkspace/contents.xcworkspacedata b/swift/xcode-autobuilder/tests/hello-workspace/Hello.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..e2673cf5a25 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-workspace/Hello.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/xcode-autobuilder/tests/hello-workspace/commands.expected b/swift/xcode-autobuilder/tests/hello-workspace/commands.expected new file mode 100644 index 00000000000..ad85eb8c24b --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-workspace/commands.expected @@ -0,0 +1 @@ +/usr/bin/xcodebuild build -workspace ./Hello.xcworkspace -scheme hello-workspace CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO diff --git a/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.pbxproj b/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..d286ee8baa9 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.pbxproj @@ -0,0 +1,361 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 4612C555290039E500FD51FB /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4612C554290039E500FD51FB /* AppDelegate.swift */; }; + 4612C557290039E600FD51FB /* SceneDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4612C556290039E600FD51FB /* SceneDelegate.swift */; }; + 4612C559290039E600FD51FB /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4612C558290039E600FD51FB /* ViewController.swift */; }; + 4612C55C290039E600FD51FB /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 4612C55A290039E600FD51FB /* Main.storyboard */; }; + 4612C55E290039E700FD51FB /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 4612C55D290039E700FD51FB /* Assets.xcassets */; }; + 4612C561290039E700FD51FB /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 4612C55F290039E700FD51FB /* LaunchScreen.storyboard */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 4612C551290039E500FD51FB /* hello-workspace.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "hello-workspace.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + 4612C554290039E500FD51FB /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; + 4612C556290039E600FD51FB /* SceneDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SceneDelegate.swift; sourceTree = ""; }; + 4612C558290039E600FD51FB /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; + 4612C55B290039E600FD51FB /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; + 4612C55D290039E700FD51FB /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 4612C560290039E700FD51FB /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = ""; }; + 4612C562290039E700FD51FB /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 4612C54E290039E500FD51FB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 4612C548290039E500FD51FB = { + isa = PBXGroup; + children = ( + 4612C553290039E500FD51FB /* hello-workspace */, + 4612C552290039E500FD51FB /* Products */, + ); + sourceTree = ""; + }; + 4612C552290039E500FD51FB /* Products */ = { + isa = PBXGroup; + children = ( + 4612C551290039E500FD51FB /* hello-workspace.app */, + ); + name = Products; + sourceTree = ""; + }; + 4612C553290039E500FD51FB /* hello-workspace */ = { + isa = PBXGroup; + children = ( + 4612C554290039E500FD51FB /* AppDelegate.swift */, + 4612C556290039E600FD51FB /* SceneDelegate.swift */, + 4612C558290039E600FD51FB /* ViewController.swift */, + 4612C55A290039E600FD51FB /* Main.storyboard */, + 4612C55D290039E700FD51FB /* Assets.xcassets */, + 4612C55F290039E700FD51FB /* LaunchScreen.storyboard */, + 4612C562290039E700FD51FB /* Info.plist */, + ); + path = "hello-workspace"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 4612C550290039E500FD51FB /* hello-workspace */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4612C565290039E700FD51FB /* Build configuration list for PBXNativeTarget "hello-workspace" */; + buildPhases = ( + 4612C54D290039E500FD51FB /* Sources */, + 4612C54E290039E500FD51FB /* Frameworks */, + 4612C54F290039E500FD51FB /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-workspace"; + productName = "hello-workspace"; + productReference = 4612C551290039E500FD51FB /* hello-workspace.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 4612C549290039E500FD51FB /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1400; + LastUpgradeCheck = 1400; + TargetAttributes = { + 4612C550290039E500FD51FB = { + CreatedOnToolsVersion = 14.0; + }; + }; + }; + buildConfigurationList = 4612C54C290039E500FD51FB /* Build configuration list for PBXProject "hello-workspace" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 4612C548290039E500FD51FB; + productRefGroup = 4612C552290039E500FD51FB /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 4612C550290039E500FD51FB /* hello-workspace */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 4612C54F290039E500FD51FB /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4612C561290039E700FD51FB /* LaunchScreen.storyboard in Resources */, + 4612C55E290039E700FD51FB /* Assets.xcassets in Resources */, + 4612C55C290039E600FD51FB /* Main.storyboard in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 4612C54D290039E500FD51FB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4612C559290039E600FD51FB /* ViewController.swift in Sources */, + 4612C555290039E500FD51FB /* AppDelegate.swift in Sources */, + 4612C557290039E600FD51FB /* SceneDelegate.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXVariantGroup section */ + 4612C55A290039E600FD51FB /* Main.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 4612C55B290039E600FD51FB /* Base */, + ); + name = Main.storyboard; + sourceTree = ""; + }; + 4612C55F290039E700FD51FB /* LaunchScreen.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 4612C560290039E700FD51FB /* Base */, + ); + name = LaunchScreen.storyboard; + sourceTree = ""; + }; +/* End PBXVariantGroup section */ + +/* Begin XCBuildConfiguration section */ + 4612C563290039E700FD51FB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = iphoneos; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 4612C564290039E700FD51FB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = iphoneos; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + 4612C566290039E700FD51FB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = "hello-workspace/Info.plist"; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; + INFOPLIST_KEY_UIMainStoryboardFile = Main; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.github.hello-workspace"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Debug; + }; + 4612C567290039E700FD51FB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = "hello-workspace/Info.plist"; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; + INFOPLIST_KEY_UIMainStoryboardFile = Main; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.github.hello-workspace"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 4612C54C290039E500FD51FB /* Build configuration list for PBXProject "hello-workspace" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4612C563290039E700FD51FB /* Debug */, + 4612C564290039E700FD51FB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4612C565290039E700FD51FB /* Build configuration list for PBXNativeTarget "hello-workspace" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4612C566290039E700FD51FB /* Debug */, + 4612C567290039E700FD51FB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 4612C549290039E500FD51FB /* Project object */; +} diff --git a/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-workspace/hello-workspace.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp new file mode 100644 index 00000000000..8c6650094ba --- /dev/null +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -0,0 +1,62 @@ +#include +#include +#include +#include "swift/xcode-autobuilder/XcodeTarget.h" +#include "swift/xcode-autobuilder/XcodeBuildRunner.h" +#include "swift/xcode-autobuilder/XcodeProjectParser.h" + +static const char* Application = "com.apple.product-type.application"; +static const char* Framework = "com.apple.product-type.framework"; + +struct CLIArgs { + std::string workingDir; + bool dryRun; +}; + +static void autobuild(const CLIArgs& args) { + auto targets = collectTargets(args.workingDir); + + // Filter out non-application/framework targets + targets.erase(std::remove_if(std::begin(targets), std::end(targets), + [&](Target& t) -> bool { + return t.type != Application && t.type != Framework; + }), + std::end(targets)); + + // Sort targets by the amount of files in each + std::sort(std::begin(targets), std::end(targets), + [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); + + for (auto& t : targets) { + std::cerr << t.workspace << " " << t.project << " " << t.type << " " << t.name << " " + << t.fileCount << "\n"; + } + if (targets.empty()) { + std::cerr << "[xcode autobuilder] Suitable targets not found\n"; + exit(1); + } + + buildTarget(targets.front(), args.dryRun); +} + +static CLIArgs parseCLIArgs(int argc, char** argv) { + bool dryRun = false; + std::string path; + if (argc == 3) { + path = argv[2]; + if (std::string(argv[1]) == "-dry-run") { + dryRun = true; + } + } else if (argc == 2) { + path = argv[1]; + } else { + path = std::filesystem::current_path(); + } + return CLIArgs{path, dryRun}; +} + +int main(int argc, char** argv) { + auto args = parseCLIArgs(argc, argv); + autobuild(args); + return 0; +}